last executing test programs: 12m34.686147777s ago: executing program 32 (id=189): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0xd00, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300), 0x84, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 10m38.098902143s ago: executing program 4 (id=1057): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) unshare(0x24060400) r1 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) pread64(r1, &(0x7f00000002c0)=""/75, 0x4b, 0x0) 10m37.845885607s ago: executing program 4 (id=1059): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000080)={0x0, 0x2710}, 0x10) write(r0, &(0x7f0000000000)='\"', 0x1) 10m37.623043218s ago: executing program 4 (id=1062): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000200)=0x7fff, 0x4) sendmmsg$inet6(r0, &(0x7f0000001a40)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @loopback}, 0x3}, 0x1c, 0x0}}], 0x1, 0x24044000) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/130, 0x82}, 0xdb30}], 0x1, 0x40002042, 0x0) 10m37.546038197s ago: executing program 4 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) chdir(&(0x7f0000000080)='./file0/../file0\x00') mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0) umount2(&(0x7f0000000240)='./file0/../file0\x00', 0x2) 10m37.366039414s ago: executing program 4 (id=1065): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000001400b59527bd7000000000000a400000", @ANYRES32=r2, @ANYBLOB="1400020000000000000000000000ffff00000000080008000001"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x370}]}, 0x34}}, 0x0) 10m36.127621876s ago: executing program 4 (id=1077): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x89021080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mbind(&(0x7f00005b4000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x100000000000041, 0x2) 10m35.746109926s ago: executing program 33 (id=1077): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x89021080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mbind(&(0x7f00005b4000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x100000000000041, 0x2) 9m33.834355567s ago: executing program 2 (id=1397): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x42, 0x0, 0x0) 9m32.527144862s ago: executing program 6 (id=1399): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r0, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00001e9000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0x2, 0x6}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 9m31.246170616s ago: executing program 2 (id=1400): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth0_virt_wifi\x00', 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000055000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='/', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 9m31.010277489s ago: executing program 6 (id=1401): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) ioctl$RTC_AIE_ON(r1, 0x7001) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 9m30.898250258s ago: executing program 2 (id=1402): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_merged\x00', 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x2, 0x0, 0xe, 0x8000000000000006}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 9m30.477172777s ago: executing program 6 (id=1406): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast2, 0x2}}}, 0x30) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r6, 0x0, 0xf3a, 0x0) write$binfmt_misc(r6, &(0x7f0000000980), 0xfdef) splice(r2, 0x0, r6, 0x0, 0x80, 0x4) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x2020) 9m30.033579516s ago: executing program 2 (id=1411): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061043c000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x81, 0xffffffff}) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000d40)=0x2, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x22020600) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000000)={0xc, r3}) r4 = socket(0x25, 0x6, 0x0) bind$qrtr(r4, &(0x7f0000000340), 0xc) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000c80)=ANY=[@ANYBLOB="200000001e00010029bd7000fddbdf2507000000", @ANYRES16=r3, @ANYBLOB='\x00\x00\t'], 0x20}}, 0x20020000) 9m28.253543607s ago: executing program 2 (id=1414): r0 = socket$inet6(0xa, 0x2, 0x0) shutdown(r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x2, 0x0) 9m26.937101951s ago: executing program 6 (id=1416): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpgrp(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0xa, 0x4) r2 = socket(0xa, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000000780)=[{{&(0x7f0000000440)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x28}}], 0x1, 0x4000810) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x28000, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r3, 0xc0044dff, &(0x7f0000004000)) 9m26.723090942s ago: executing program 2 (id=1418): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x2, 0x0, 0x3}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) r2 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000005c0)={0x80000000, 0x0, &(0x7f00000003c0)=[{}, {{0x80000000, 0x0}, {0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r2, 0xc0347c03, &(0x7f00000001c0)={{r4, r3, 0x1, [0x0, 0xf7df]}, {r4, r5, 0x7, [0x6]}, 0x1, [0x8, 0x3df]}) 9m17.854320396s ago: executing program 6 (id=1432): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x10) r0 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0xb2960100, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) fcntl$getown(0xffffffffffffffff, 0x9) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) 9m17.150644065s ago: executing program 6 (id=1436): socket$inet_sctp(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) clock_nanosleep(0x7, 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0) 9m10.628500405s ago: executing program 34 (id=1418): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x2, 0x0, 0x3}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) r2 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000005c0)={0x80000000, 0x0, &(0x7f00000003c0)=[{}, {{0x80000000, 0x0}, {0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r2, 0xc0347c03, &(0x7f00000001c0)={{r4, r3, 0x1, [0x0, 0xf7df]}, {r4, r5, 0x7, [0x6]}, 0x1, [0x8, 0x3df]}) 9m1.861436022s ago: executing program 35 (id=1436): socket$inet_sctp(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) clock_nanosleep(0x7, 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0) 5m18.0101293s ago: executing program 0 (id=2683): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x0, 0xfffffffc, @loopback, 0xc7f}], 0x2c) sendto$inet6(r0, &(0x7f0000000040)="e4", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x41, 0x80, 0xfe, 0x0, 0x9, 0x40, 0x8, 0x5a, 0x0, 0xff, 0x9, 0x0, 0x0, 0x9}, 0xe) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/23, 0x17}, 0x5}], 0x1, 0x20, 0x0) 5m17.862557583s ago: executing program 0 (id=2685): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0) syz_emit_ethernet(0xbe, &(0x7f00000005c0)={@local, @random="6d9e281e6197", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0xb0, 0x0, 0x0, 0x4, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd0f300b088233545a"}}}}}}}, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) 5m17.576931716s ago: executing program 0 (id=2690): syz_usb_connect(0x2, 0x2d, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) close(0x3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0x5c}}, 0x0) 5m14.302030957s ago: executing program 0 (id=2699): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2b59090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f0000000000)='./file0/file0\x00', 0x4) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) 5m14.149818419s ago: executing program 0 (id=2701): socket(0x2000000015, 0x80005, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 5m12.583405364s ago: executing program 0 (id=2709): syz_usb_connect(0x2, 0x2d, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) close(0x3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0x5c}}, 0x0) 5m11.771440143s ago: executing program 36 (id=2709): syz_usb_connect(0x2, 0x2d, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) close(0x3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0x5c}}, 0x0) 2m49.486086705s ago: executing program 8 (id=3777): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x1) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x800) recvfrom$unix(r2, &(0x7f0000000140)=""/247, 0xf7, 0x0, 0x0, 0x0) 2m49.132479134s ago: executing program 8 (id=3781): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000110850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 2m48.878877802s ago: executing program 8 (id=3786): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2m48.71628636s ago: executing program 8 (id=3788): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0xc00}, 0x0) r0 = syz_io_uring_setup(0x2501, &(0x7f0000000300)={0x0, 0x58cd, 0x10000, 0x3, 0x400000}, &(0x7f0000000100)=0x0, &(0x7f00000002c0)=0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/120, 0x78}], 0x1) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x92, 0x0, @fd, 0xfff, 0x0, 0x6}) io_uring_enter(r0, 0x6686, 0x2936, 0x28, 0x0, 0x0) 2m48.582302985s ago: executing program 8 (id=3789): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) 2m47.586349305s ago: executing program 8 (id=3800): mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000a380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x80}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) lseek(r2, 0x0, 0x2) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, 0x0) 2m32.41692696s ago: executing program 37 (id=3800): mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000a380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x80}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) lseek(r2, 0x0, 0x2) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, 0x0) 30.475938172s ago: executing program 3 (id=4484): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) eventfd2(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00') r3 = syz_io_uring_setup(0x1251, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0x6, 0x0, 0x0) setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0) 28.832690606s ago: executing program 3 (id=4487): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) syz_open_dev$sndctrl(0x0, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, 0x0) 27.014282893s ago: executing program 3 (id=4488): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x80) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x40000) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r3, 0x111, 0x3, 0x0, &(0x7f0000000080)) 14.751770949s ago: executing program 7 (id=4515): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x6, 0x0, &(0x7f00000036c0)) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000480)=ANY=[@ANYRES32=r6, @ANYBLOB="0200"], 0x9) bind$802154_dgram(r0, 0x0, 0x0) connect$802154_dgram(r0, 0x0, 0x0) shmget$private(0x0, 0x1000, 0x800, &(0x7f0000896000/0x1000)=nil) 14.602588081s ago: executing program 1 (id=4517): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = fsopen(&(0x7f00000001c0)='ecryptfs\x00', 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) 13.274957646s ago: executing program 7 (id=4518): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x583, &(0x7f0000000080)={0x0, 0xc7cc, 0x42, 0x0, 0x65, 0x0, 0x0}, 0x0, &(0x7f0000000000)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmsg$nl_route_sched(r4, 0x0, 0x4000) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000100)=0x1) 13.273394881s ago: executing program 3 (id=4519): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) socket(0x2, 0x80805, 0x0) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, 0x0, &(0x7f0000001080)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r4, 0x29, 0x3, 0x0, 0x0) r5 = socket(0x10, 0x803, 0x0) bind$netlink(r5, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r3, &(0x7f0000024c80)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000024d40)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r6, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200400c1}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0) 12.421385597s ago: executing program 1 (id=4520): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x4000001}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=@base={0xa, 0x5, 0x102, 0x7, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x1000}, 0x4) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x48}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000780)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xe, 0x0, &(0x7f0000000380)="fc5cc45c490704289349a8af1d25", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7fffffff}, 0x0, 0x0) 11.314284184s ago: executing program 3 (id=4525): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x8040) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) munmap(&(0x7f00006bb000/0x1000)=nil, 0x1000) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1}) r5 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r5, &(0x7f0000005180)={0x2020}, 0x2020) mq_unlink(0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0) 10.918512554s ago: executing program 1 (id=4527): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x0, 0x7fff8000}]}) socket$nl_route(0x10, 0x3, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000014, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) timer_create(0x0, &(0x7f0000000480)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}}) write$uinput_user_dev(r3, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x20000005, 0x81, 0xa6, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3eb, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x6, 0x3, 0x1, 0x2, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x9, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x0, 0x5, 0x2, 0x0, 0x6, 0x0, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x9000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1000001, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1000001, 0x1, 0x6, 0x8, 0x3, 0x2, 0x5, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xfffffff9], [0x0, 0x0, 0x101, 0xa, 0x4, 0x9c500, 0x8ef, 0x8, 0xc63, 0x7, 0x1d, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0x9, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2000002, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) write$uinput_user_dev(r3, &(0x7f0000000d80)={'syz0\x00', {0xb, 0x3, 0x4, 0x9}, 0x3, [0x7f, 0x0, 0xffffffff, 0x3, 0xf, 0x0, 0x7ff, 0xa, 0x5, 0x3, 0x5, 0x40, 0x1, 0x1, 0x7, 0x6, 0x0, 0x7, 0x1, 0xdef, 0x9, 0x7, 0x200, 0x5, 0x73c, 0x5, 0x4, 0x7f, 0x4, 0x6, 0xfffffff9, 0x8, 0x6, 0x4, 0x7, 0x7, 0x1939, 0x8, 0x7, 0x2, 0xe12c, 0x8162, 0x4, 0x3, 0x1, 0x41, 0x7, 0x10000, 0x101, 0x8, 0xc000, 0x6, 0x4, 0x4, 0x5, 0x6, 0xfff, 0x0, 0x104, 0xf8ad, 0x2, 0x3, 0x7fffdfff], [0xfffffff8, 0xff, 0x4, 0x8, 0x1e0f, 0xfffffff7, 0x5, 0x7, 0xffffffff, 0x0, 0x6, 0x100, 0x8, 0xe63, 0x1, 0xa3a5, 0x2, 0x2, 0xb9, 0x6, 0x3, 0x43d, 0x6, 0xe, 0x4, 0x3, 0x6, 0x9, 0x1, 0x11, 0x5, 0x4, 0x8, 0x30000, 0x81, 0xfffffe00, 0x0, 0x10001, 0x7ff, 0x9, 0x8, 0xffffa467, 0x5, 0xfffffffb, 0x0, 0xff, 0x9, 0x6aac, 0x0, 0x3, 0x4, 0xfff, 0x200, 0xc1a, 0xe456, 0x100, 0x2, 0x0, 0x1c00000, 0x6, 0x3, 0xfffffff6, 0xffff1068, 0xffff9241], [0x9, 0x611, 0x6, 0xff, 0x101, 0x5, 0x0, 0x2, 0x80000001, 0x96, 0x7, 0x1, 0xfffffffa, 0x1, 0x4, 0xfb, 0x10001, 0x8, 0x8, 0x3, 0x1, 0x100001, 0x1, 0x7, 0x3, 0x40000000, 0x8, 0x3, 0x5, 0x3, 0xb89, 0xf, 0x0, 0x9, 0x3, 0xff, 0x0, 0x2, 0x1ff, 0x4501, 0x9, 0x0, 0x9, 0x7, 0x966, 0x6, 0x10000, 0xf, 0xffffffff, 0x9, 0xe2, 0x1, 0x8, 0x1, 0x8, 0x4, 0x5, 0x3, 0x3, 0x0, 0x80, 0x6, 0x7, 0xc], [0x5, 0x7f, 0x7, 0x9, 0x2, 0x6, 0x45c, 0x5, 0xab73, 0x5, 0x7, 0x0, 0x5, 0xed5a, 0x9, 0x4, 0x9, 0x8, 0x8, 0x3, 0xeb, 0x6, 0x5, 0xff, 0xffffffff, 0x7fff, 0x8, 0xcb7, 0xa3, 0xffff, 0x8, 0x80000000, 0x3, 0x1ff, 0xfffff26e, 0xf81e, 0x6, 0x9, 0xc, 0x8, 0x5, 0xe5, 0x2, 0x4, 0x4, 0x3, 0x0, 0xfffffff9, 0x7, 0x1ff, 0x204000, 0x5, 0x80, 0x9, 0x3, 0x5078, 0xd, 0x8001, 0x8000, 0x3000000, 0x200, 0x45, 0x0, 0x3]}, 0x45c) 9.632641417s ago: executing program 1 (id=4532): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe) r3 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r3, 0x25, &(0x7f00000002c0)) r4 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) execveat$binfmt(r5, r4, 0x0, 0x0, 0x100) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@loopback, @in=@remote, 0xfffd, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in=@dev={0xac, 0x14, 0x14, 0x24}, 0x20, 0x32}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, {0x0, 0x7, 0x0, 0x4, 0x2000000000000000, 0x4, 0x20000000008, 0x7}, {0x100000001, 0xa, 0xcc}, {0xf6}, 0x70bd2a, 0x4, 0x2, 0x1, 0x1}, [@algo_aead={0x5e, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x90, 0x40, "3fcf1e925a8a1287335cc431fe8c2b80e004"}}]}, 0x150}, 0x1, 0x0, 0x0, 0x20040400}, 0x804) 9.246520361s ago: executing program 5 (id=4533): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) 9.180551468s ago: executing program 7 (id=4535): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000380)={0x4, &(0x7f0000000340)=[{}, {}, {}, {}]}) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0x28f42000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) syz_emit_ethernet(0x6f, &(0x7f0000001c00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x7407, 0xfffffffffffffffd, "9c67524ed6ed152d4f775bbc411126513b67aa2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb0"}}}}}}, 0x0) recvmmsg(r4, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0xa6d3}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002c40)=""/4096, 0x1000}], 0x1}, 0x2}], 0x2, 0x100, 0x0) 9.102830144s ago: executing program 5 (id=4536): sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000ce3400000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x3c, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x0, 0xff, 0x0, 0x2, 0xfffffffe, 0x2, 0x7, 0x4, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x6, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0xfffffffa, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x2a29, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x477c, 0x26d, 0x6, 0x800, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0x3, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'gre0\x00', &(0x7f0000000200)=@ethtool_ringparam={0x10, 0x80000001, 0x3, 0x1, 0xd, 0xefe, 0x0, 0x0, 0x8}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 8.954236474s ago: executing program 5 (id=4537): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) fcntl$getownex(r2, 0x10, 0x0) ioctl(0xffffffffffffffff, 0x8b22, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r3, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) 7.360337145s ago: executing program 1 (id=4541): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setpgid(r2, r2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r4, 0xc0105502, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 7.058664727s ago: executing program 7 (id=4542): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000600)=""/102400, 0x19000) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, 0x0, &(0x7f00000001c0)) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) sendmmsg(r1, 0x0, 0x0, 0x2004c8e4) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @win={{0x8000, 0x6, 0x9, 0x4}, 0x9, 0x11, &(0x7f0000000100)={{0xfffff800, 0x6, 0x19cb7df7, 0x1}}, 0x1, 0x0, 0xa}}}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x7, 0x4) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) 5.77672739s ago: executing program 1 (id=4543): openat$fb0(0xffffffffffffff9c, &(0x7f0000000540), 0x418c00, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 4.908026572s ago: executing program 5 (id=4546): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0xff}, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000001c0)=""/12) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0) read(r0, 0x0, 0x0) 4.806827957s ago: executing program 9 (id=4547): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) setfsuid(0x0) r3 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, r4) fstat(r1, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x800) recvmmsg$unix(r6, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 4.671263167s ago: executing program 7 (id=4548): socket(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x50, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x143882) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240040c1}, 0x0) 3.786253375s ago: executing program 9 (id=4549): sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) gettid() socket$inet_udp(0x2, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 3.568381601s ago: executing program 3 (id=4550): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x121002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) alarm(0x8000000000000001) alarm(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_tgsigqueueinfo(r1, r1, 0x39, 0x0) lremovexattr(0x0, 0x0) syz_open_dev$vcsa(0x0, 0x5, 0x88043) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000002080)={0x200f, {"20e30a30ed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19300305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a027d5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf050000008000000000f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b3f3f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2f5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d21488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e09d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a603336c00000077cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046ca5b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe6531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e6586df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59555e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb601203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000930dedf800", 0x1000}}, 0x1006) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000040)) 3.515751958s ago: executing program 5 (id=4551): openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x31000000, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x15\x00'}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r4) sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008040}, 0x0) mlockall(0x2) shmget$private(0x0, 0x2000, 0x78000808, &(0x7f00004df000/0x2000)=nil) 3.378101259s ago: executing program 9 (id=4552): r0 = open(0x0, 0x0, 0x0) flock(r0, 0x2) fcntl$getown(r0, 0x9) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000600)='4', 0x1}], 0x1, 0x0) write$binfmt_script(r5, &(0x7f00000000c0), 0xb) flock(0xffffffffffffffff, 0x1) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10}, 0x12) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) 2.973637011s ago: executing program 9 (id=4553): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x17c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000440)={0x4, 0x36a56ba2}, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x35) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "f64e4099107323f5", "53c272d8b763f690b35605dff8a4a8d2", "3da2d199", "72392a24199b5903"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x286}, "d88e8cd722e608e6", "81003decf6394dbf86f3ec0ee6180b73bf6721d332b3855f30dfa45bffcac63d", "a5ec0659", "5341ae8760bcd723"}, 0x38) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000200)='freezer.parent_freezing\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04230d00c90001"], 0x10) 1.786441398s ago: executing program 5 (id=4554): r0 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000006600)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x0, 0x0, 0x3}, 0x6e) close(r4) write$smackfs_access(r0, &(0x7f0000006640)={'}[{', 0x20, '', 0x20, 'a'}, 0x7) 1.610291842s ago: executing program 9 (id=4555): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$xdp(0x2c, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902"], 0x0) accept4(r3, 0x0, 0x0, 0x800) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r4], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@newtfilter={0x24, 0x10, 0x1, 0x0, 0xfffffffc, {0x0, 0x0, 0x74, r2, {}, {0x7, 0x1}, {0xa, 0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084) 1.375063858s ago: executing program 9 (id=4556): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r4 = dup(r3) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x3c}, 0x2, @in=@empty, 0x3504, 0x4, 0x3, 0x0, 0x0, 0xfffffffe, 0x20000}]}]}, 0xfc}}, 0x0) ftruncate(r5, 0x200004) sendfile(r4, r5, 0x0, 0x80001d00c0d1) 0s ago: executing program 7 (id=4557): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) r4 = fcntl$dupfd(r3, 0x406, r3) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x20000001}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000100)={0x80000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x40) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={r5, r6, 0x20d}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) kernel console output (not intermixed with test programs): 55222][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6940 ms [ 371.355262][ C1] lec:lec_tx_timeout: lec0 [ 371.356827][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 373.642098][T10170] chnl_net:caif_netlink_parms(): no params data found [ 377.322190][ T8448] bridge_slave_1: left allmulticast mode [ 377.322223][ T8448] bridge_slave_1: left promiscuous mode [ 377.322545][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.451903][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6100 ms [ 377.451939][ C1] lec:lec_tx_timeout: lec0 [ 377.452229][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 377.679326][ T8448] bridge_slave_0: left allmulticast mode [ 377.679351][ T8448] bridge_slave_0: left promiscuous mode [ 377.679516][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.224274][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5770 ms [ 383.224313][ C1] lec:lec_tx_timeout: lec0 [ 383.224554][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 383.880607][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.880658][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.292132][ T5801] Bluetooth: hci6: command 0x0405 tx timeout [ 387.233639][ T8448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 387.414532][ T8448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 387.689542][ T8448] bond0 (unregistering): Released all slaves [ 388.553038][ T9] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 388.750574][ T9] usb 2-1: config 12 has an invalid interface number: 20 but max is 0 [ 388.750609][ T9] usb 2-1: config 12 has no interface number 0 [ 388.750645][ T9] usb 2-1: config 12 interface 20 has no altsetting 0 [ 388.888085][ T9] usb 2-1: New USB device found, idVendor=1164, idProduct=0622, bcdDevice=aa.ec [ 388.888111][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.888124][ T9] usb 2-1: Product: syz [ 388.888132][ T9] usb 2-1: Manufacturer: syz [ 388.888141][ T9] usb 2-1: SerialNumber: syz [ 388.973596][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms [ 388.973633][ C1] lec:lec_tx_timeout: lec0 [ 388.973978][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 389.062265][T10170] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.062489][T10170] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.062761][T10170] bridge_slave_0: entered allmulticast mode [ 389.165524][T10170] bridge_slave_0: entered promiscuous mode [ 389.234600][ T9] pvrusb2: Hardware description: Gotview USB 2.0 DVD 2 [ 389.235589][ T9] usb 2-1: selecting invalid altsetting 0 [ 389.269672][ T2363] pvrusb2: Invalid write control endpoint [ 389.331938][ T9] usb 2-1: USB disconnect, device number 14 [ 389.646555][ T2363] pvrusb2: Invalid write control endpoint [ 389.646569][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 389.646575][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 389.646580][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 389.646586][ T2363] pvrusb2: Device being rendered inoperable [ 389.646884][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 389.646943][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 389.819991][ T2363] pvrusb2: Attached sub-driver cx25840 [ 390.082417][ T2363] pvrusb2: Attempted to execute control transfer when device not ok [ 390.082455][ T2363] pvrusb2: Attempted to execute control transfer when device not ok [ 390.082482][ T2363] pvrusb2: Attempted to execute control transfer when device not ok [ 390.082508][ T2363] pvrusb2: Attempted to execute control transfer when device not ok [ 390.082520][ T2363] pvrusb2: Module ID 4 (tuner) for device Gotview USB 2.0 DVD 2 failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 390.243402][T10170] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.270250][T10170] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.270528][T10170] bridge_slave_1: entered allmulticast mode [ 390.294197][T10170] bridge_slave_1: entered promiscuous mode [ 390.653388][ T2363] TUNER: Unable to find symbol tda829x_probe() [ 391.236788][T10170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.351530][T10170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.393227][ T2363] DVB: Unable to find symbol tda9887_attach() [ 391.393246][ T2363] tuner: 1-0043: Tuner 4 found with type(s) Radio TV. [ 391.393727][ T2363] pvrusb2: Attached sub-driver tuner [ 391.393740][ T2363] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules. [ 391.393753][ T2363] pvrusb2: You need to resolve the failing condition before this driver can function. There should be some earlier messages giving more information about the problem. [ 391.744054][ T8448] hsr_slave_0: left promiscuous mode [ 391.745339][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 391.749703][T10344] udevd[10344]: setting owner of /dev/bus/usb/002/014 to uid=0, gid=0 failed: No such file or directory [ 391.798921][ T8448] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 391.798950][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 391.958505][ T8448] veth1_macvtap: left promiscuous mode [ 391.958633][ T8448] veth0_macvtap: left promiscuous mode [ 391.958810][ T8448] veth1_vlan: left promiscuous mode [ 391.958916][ T8448] veth0_vlan: left promiscuous mode [ 392.172065][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 392.332266][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 392.334734][ T9] usb 2-1: config 0 has an invalid interface number: 143 but max is 0 [ 392.334762][ T9] usb 2-1: config 0 has no interface number 0 [ 392.334807][ T9] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 392.334830][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.338911][ T9] usb 2-1: config 0 descriptor?? [ 392.484338][T10417] 9pnet_virtio: no channels available for device syz [ 392.538063][ T9] viperboard 2-1:0.143: version 0.00 found at bus 002 address 015 [ 392.676611][ T9] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100 [ 392.676636][ T9] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 392.728232][ T9] usb 2-1: USB disconnect, device number 15 [ 393.724199][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 393.755056][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 393.757445][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 393.782226][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 393.783242][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 394.011962][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5040 ms [ 394.011999][ C1] lec:lec_tx_timeout: lec0 [ 394.012163][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 396.012180][ T5797] Bluetooth: hci1: command tx timeout [ 397.065023][ T8448] team0 (unregistering): Port device team_slave_1 removed [ 397.236831][ T67] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 397.354111][ T8448] team0 (unregistering): Port device team_slave_0 removed [ 398.102119][ T5797] Bluetooth: hci1: command tx timeout [ 399.032142][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 399.032181][ C1] lec:lec_tx_timeout: lec0 [ 399.032340][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 400.290827][T10170] team0: Port device team_slave_0 added [ 400.347503][T10170] team0: Port device team_slave_1 added [ 400.396744][ T5797] Bluetooth: hci1: command tx timeout [ 401.790096][T10170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 401.790657][T10170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.790689][T10170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.833732][T10170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.833750][T10170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.833777][T10170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.172386][T10170] hsr_slave_0: entered promiscuous mode [ 402.174159][T10170] hsr_slave_1: entered promiscuous mode [ 402.175278][T10170] debugfs: 'hsr0' already exists in 'hsr' [ 402.175305][T10170] Cannot create hsr debugfs directory [ 402.418156][ T5797] Bluetooth: hci1: command tx timeout [ 402.625064][ T5797] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 402.654591][ T5797] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 402.658352][ T5797] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 402.673617][ T5797] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 402.692045][ T5797] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 403.127922][T10502] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 404.042228][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 404.042333][ C1] lec:lec_tx_timeout: lec0 [ 404.045688][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 404.825432][T10434] chnl_net:caif_netlink_parms(): no params data found [ 404.892046][ T5797] Bluetooth: hci4: command tx timeout [ 405.318264][ T37] audit: type=1326 audit(1770692926.228:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.0.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9617af79 code=0x7ffc0000 [ 405.318325][ T37] audit: type=1326 audit(1770692926.228:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.0.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9617af79 code=0x7ffc0000 [ 405.318372][ T37] audit: type=1326 audit(1770692926.228:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.0.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f7e9617af79 code=0x7ffc0000 [ 405.318419][ T37] audit: type=1326 audit(1770692926.228:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.0.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9617af79 code=0x7ffc0000 [ 405.318466][ T37] audit: type=1326 audit(1770692926.228:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.0.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9617af79 code=0x7ffc0000 [ 406.490430][T10582] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 406.534256][T10585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1592'. [ 406.958792][T10434] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.958934][T10434] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.959173][T10434] bridge_slave_0: entered allmulticast mode [ 406.972014][ T5797] Bluetooth: hci4: command tx timeout [ 406.976037][T10434] bridge_slave_0: entered promiscuous mode [ 407.793053][T10434] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.793196][T10434] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.793426][T10434] bridge_slave_1: entered allmulticast mode [ 407.795206][T10434] bridge_slave_1: entered promiscuous mode [ 408.246639][T10612] bridge2: entered promiscuous mode [ 408.287208][T10434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.497994][T10434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.565548][T10494] chnl_net:caif_netlink_parms(): no params data found [ 408.753796][T10434] team0: Port device team_slave_0 added [ 408.819157][T10434] team0: Port device team_slave_1 added [ 408.902008][ T5987] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 409.051897][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 409.051935][ C1] lec:lec_tx_timeout: lec0 [ 409.052195][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 409.055838][ T5797] Bluetooth: hci4: command tx timeout [ 409.058376][ T5987] usb 2-1: config 0 has an invalid interface number: 3 but max is 2 [ 409.058406][ T5987] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 409.058429][ T5987] usb 2-1: config 0 has no interface number 1 [ 409.058445][ T5987] usb 2-1: config 0 has no interface number 2 [ 409.058528][ T5987] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 409.058554][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.076910][ T5987] usb 2-1: config 0 descriptor?? [ 409.305808][ T5987] qcserial 2-1:0.3: Qualcomm USB modem converter detected [ 409.430394][T10434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.430414][T10434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 409.430446][T10434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 409.595857][ T5987] usb 2-1: USB disconnect, device number 16 [ 409.644732][ T5987] qcserial 2-1:0.3: device disconnected [ 409.810548][T10434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 409.810569][T10434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 409.810601][T10434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.053389][T10494] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.053539][T10494] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.053823][T10494] bridge_slave_0: entered allmulticast mode [ 410.064442][T10494] bridge_slave_0: entered promiscuous mode [ 410.180678][T10494] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.194252][T10494] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.194977][T10494] bridge_slave_1: entered allmulticast mode [ 410.200098][T10494] bridge_slave_1: entered promiscuous mode [ 411.123920][T10434] hsr_slave_0: entered promiscuous mode [ 411.125438][T10434] hsr_slave_1: entered promiscuous mode [ 411.126628][T10434] debugfs: 'hsr0' already exists in 'hsr' [ 411.126657][T10434] Cannot create hsr debugfs directory [ 411.132264][ T5797] Bluetooth: hci4: command tx timeout [ 411.323564][T10494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 411.345494][T10494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 411.911265][ T8448] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.010395][T10494] team0: Port device team_slave_0 added [ 412.081109][T10494] team0: Port device team_slave_1 added [ 413.647474][ T8448] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.700701][T10494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.700715][T10494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 413.700732][T10494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.803835][T10494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.803856][T10494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 413.803885][T10494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 414.071902][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 414.071958][ C1] lec:lec_tx_timeout: lec0 [ 414.072202][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 414.105805][ T8448] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.222056][ T36] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 414.372111][ T36] usb 2-1: Using ep0 maxpacket: 8 [ 414.374483][ T36] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 414.374505][ T36] usb 2-1: config 0 has no interface number 0 [ 414.374534][ T36] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 414.374553][ T36] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 414.374570][ T36] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 414.374585][ T36] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 414.374612][ T36] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 414.374627][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.381198][ T36] usb 2-1: config 0 descriptor?? [ 414.552254][ T36] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 414.614827][ T8448] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.769382][ T807] usb 2-1: USB disconnect, device number 17 [ 414.773300][T10494] hsr_slave_0: entered promiscuous mode [ 414.796715][ T807] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 414.808117][T10494] hsr_slave_1: entered promiscuous mode [ 414.815430][T10494] debugfs: 'hsr0' already exists in 'hsr' [ 414.815463][T10494] Cannot create hsr debugfs directory [ 416.213922][ T8448] bridge_slave_1: left allmulticast mode [ 416.213953][ T8448] bridge_slave_1: left promiscuous mode [ 416.214263][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.593956][ T8448] bridge_slave_0: left allmulticast mode [ 416.593991][ T8448] bridge_slave_0: left promiscuous mode [ 416.594295][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.563360][ T8448] bridge_slave_1: left allmulticast mode [ 417.563394][ T8448] bridge_slave_1: left promiscuous mode [ 417.563670][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.633755][ T8448] bridge_slave_0: left allmulticast mode [ 417.633781][ T8448] bridge_slave_0: left promiscuous mode [ 417.633951][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.705398][ T8448] bridge_slave_1: left allmulticast mode [ 417.705423][ T8448] bridge_slave_1: left promiscuous mode [ 417.705630][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.773074][ T8448] bridge_slave_0: left allmulticast mode [ 417.773111][ T8448] bridge_slave_0: left promiscuous mode [ 417.773326][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.392665][ T8448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.493076][ T8448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.561224][ T8448] bond0 (unregistering): Released all slaves [ 418.853009][ T8448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.932764][ T8448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.998554][ T8448] bond0 (unregistering): Released all slaves [ 419.101886][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms [ 419.101922][ C1] lec:lec_tx_timeout: lec0 [ 419.102140][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 419.548617][T10774] netlink: 'syz.5.1655': attribute type 83 has an invalid length. [ 420.703154][ T8448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.763004][ T8448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.804650][ T8448] bond0 (unregistering): Released all slaves [ 420.830967][T10772] team_slave_1: entered promiscuous mode [ 420.840897][T10772] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check. [ 421.188161][ T8448] : left promiscuous mode [ 422.779327][T10494] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 423.978089][T10494] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 424.065990][T10494] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 424.112079][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 424.112117][ C1] lec:lec_tx_timeout: lec0 [ 424.112229][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 424.707588][T10494] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 427.482076][ T8448] hsr_slave_0: left promiscuous mode [ 427.527455][ T8448] hsr_slave_1: left promiscuous mode [ 427.529779][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.573555][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 427.735988][T10878] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1690'. [ 427.787874][T10881] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1691'. [ 427.801213][ T8448] hsr_slave_0: left promiscuous mode [ 427.832164][ T8448] hsr_slave_1: left promiscuous mode [ 427.833437][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.906731][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.212314][ T8448] hsr_slave_0: left promiscuous mode [ 428.246088][ T8448] hsr_slave_1: left promiscuous mode [ 428.246899][ T8448] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.246918][ T8448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.506213][ T8448] veth1_macvtap: left promiscuous mode [ 428.509735][ T8448] veth0_macvtap: left promiscuous mode [ 428.510612][ T8448] veth1_vlan: left promiscuous mode [ 428.510737][ T8448] veth0_vlan: left promiscuous mode [ 429.121983][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 429.122024][ C1] lec:lec_tx_timeout: lec0 [ 429.123105][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 429.551202][T10900] netlink: 'syz.0.1698': attribute type 1 has an invalid length. [ 429.551231][T10900] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 429.762761][ T8448] team0 (unregistering): Port device team_slave_1 removed [ 429.927028][ T8448] team0 (unregistering): Port device team_slave_0 removed [ 432.493266][ T8448] team0 (unregistering): Port device team_slave_1 removed [ 432.633419][ T8448] team0 (unregistering): Port device team_slave_0 removed [ 434.131981][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 434.132008][ C1] lec:lec_tx_timeout: lec0 [ 434.132080][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 435.602584][ T8448] team0 (unregistering): Port device team_slave_1 removed [ 435.882716][ T8448] team0 (unregistering): Port device team_slave_0 removed [ 438.723286][T10894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1695'. [ 438.723413][T10894] tipc: Enabling of bearer rejected, failed to enable media [ 438.729500][T10434] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 438.932148][T10434] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 438.964849][T10434] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 439.047937][T10434] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 439.121970][ T5987] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 439.141936][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 439.141972][ C1] lec:lec_tx_timeout: lec0 [ 439.142110][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 439.302150][ T5987] usb 2-1: Using ep0 maxpacket: 32 [ 439.320722][ T5987] usb 2-1: config 0 has an invalid interface number: 191 but max is 0 [ 439.320754][ T5987] usb 2-1: config 0 has no interface number 0 [ 439.320817][ T5987] usb 2-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24 [ 439.422495][ T5987] usb 2-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 439.422530][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.422550][ T5987] usb 2-1: Product: syz [ 439.422566][ T5987] usb 2-1: Manufacturer: syz [ 439.422583][ T5987] usb 2-1: SerialNumber: syz [ 439.465549][ T5987] usb 2-1: config 0 descriptor?? [ 439.472629][T10911] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 439.884577][T10911] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 440.474925][ T5987] asix 2-1:0.191 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 440.474959][ T5987] asix 2-1:0.191 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 440.475252][ T5987] asix 2-1:0.191: probe with driver asix failed with error -71 [ 440.481056][ T5987] usb 2-1: USB disconnect, device number 18 [ 440.556716][T10494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 440.867415][T10494] 8021q: adding VLAN 0 to HW filter on device team0 [ 440.899781][ T85] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.900019][ T85] bridge0: port 1(bridge_slave_0) entered forwarding state [ 440.918425][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.922355][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 440.928827][T10434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.135394][T10434] 8021q: adding VLAN 0 to HW filter on device team0 [ 441.280266][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.283492][ T8464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 441.308590][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.308866][ T8464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.340082][T10947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1710'. [ 441.340109][T10947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1710'. [ 441.340134][T10947] netlink: 'syz.1.1710': attribute type 13 has an invalid length. [ 441.340151][T10947] netlink: 'syz.1.1710': attribute type 12 has an invalid length. [ 443.706053][T10494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.152069][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 444.154771][ C1] lec:lec_tx_timeout: lec0 [ 444.154867][T10990] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 444.154883][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 444.414717][T10434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.306676][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.306796][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.434624][T10494] veth0_vlan: entered promiscuous mode [ 445.507947][T10494] veth1_vlan: entered promiscuous mode [ 445.687991][T10494] veth0_macvtap: entered promiscuous mode [ 445.736362][T10494] veth1_macvtap: entered promiscuous mode [ 445.840505][T10494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 445.900617][T10494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 445.985658][ T8446] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.989210][ T8446] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.991700][ T8446] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.993361][ T8446] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.318641][T10434] veth0_vlan: entered promiscuous mode [ 446.478629][T10434] veth1_vlan: entered promiscuous mode [ 446.993490][ T5991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.993517][ T5991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.138391][T10434] veth0_macvtap: entered promiscuous mode [ 447.230403][T10434] veth1_macvtap: entered promiscuous mode [ 447.251256][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.251280][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.444024][T10434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.499609][T10434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.563657][ T67] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.563745][ T67] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.563784][ T67] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.566947][ T67] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.474737][ T8471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.474762][ T8471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.601996][ T835] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 448.776416][ T835] usb 9-1: config 0 has no interfaces? [ 448.776461][ T835] usb 9-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 448.776486][ T835] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.824311][ T835] usb 9-1: config 0 descriptor?? [ 448.893654][ T8446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.893677][ T8446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.161883][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 449.161920][ C1] lec:lec_tx_timeout: lec0 [ 449.162007][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 449.573062][T11056] usb 9-1: USB disconnect, device number 2 [ 451.321946][ T835] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 451.495484][ T835] usb 9-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 451.495519][ T835] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.526472][ T835] usb 9-1: config 0 descriptor?? [ 451.540573][ T835] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 451.950004][ T835] gp8psk: usb in 128 operation failed. [ 451.960004][ T835] gp8psk: usb in 137 operation failed. [ 451.960026][ T835] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 451.982605][ T835] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 451.982680][ T835] usb 9-1: media controller created [ 452.053893][ T835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 452.127828][ T835] gp8psk_fe: Frontend attached [ 452.129910][ T835] usb 9-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 452.131656][ T835] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 452.270942][ T835] gp8psk: usb in 138 operation failed. [ 452.270965][ T835] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 452.270978][ T835] gp8psk: found Genpix USB device pID = 203 (hex) [ 452.300866][ T835] usb 9-1: USB disconnect, device number 3 [ 452.539135][ T835] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 453.191960][ T835] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 453.363280][T11144] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 453.471967][ T835] usb 9-1: Using ep0 maxpacket: 32 [ 453.489370][ T835] usb 9-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 453.489405][ T835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.489423][ T835] usb 9-1: Product: syz [ 453.489439][ T835] usb 9-1: Manufacturer: syz [ 453.489448][ T835] usb 9-1: SerialNumber: syz [ 453.494231][ T835] usb 9-1: config 0 descriptor?? [ 454.171880][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 454.171921][ C1] lec:lec_tx_timeout: lec0 [ 454.172015][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 454.281986][ T835] peak_usb 9-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 454.534544][ T835] peak_usb 9-1:0.0: probe with driver peak_usb failed with error -71 [ 454.558069][ T835] usb 9-1: USB disconnect, device number 4 [ 455.319279][T11174] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.395305][T11182] netlink: 'syz.0.1770': attribute type 1 has an invalid length. [ 456.941975][ T31] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 457.104398][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.104451][ T31] usb 2-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 457.104476][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.147783][ T31] usb 2-1: config 0 descriptor?? [ 457.640057][ T31] hid-generic 0003:18D1:503C.000C: hidraw0: USB HID v10.00 Device [HID 18d1:503c] on usb-dummy_hcd.1-1/input0 [ 457.785470][ T5898] usb 2-1: USB disconnect, device number 19 [ 458.049089][T11227] fido_id[11227]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 458.123651][T11234] tipc: Started in network mode [ 458.123685][T11234] tipc: Node identity fc000000000000000000000000000001, cluster identity 4711 [ 458.123742][T11234] tipc: Enabling of bearer rejected, failed to enable media [ 459.181994][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 459.182034][ C1] lec:lec_tx_timeout: lec0 [ 459.182160][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 459.652189][T11294] netlink: 'syz.1.1815': attribute type 12 has an invalid length. [ 459.652217][T11294] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1815'. [ 460.913035][T11332] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1828'. [ 462.667512][T11357] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1836'. [ 463.631952][ T835] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 463.814193][ T835] usb 2-1: Using ep0 maxpacket: 8 [ 463.842187][ T835] usb 2-1: New USB device found, idVendor=044f, idProduct=b324, bcdDevice= 0.00 [ 463.842224][ T835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.872321][ T835] usb 2-1: config 0 descriptor?? [ 464.192011][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 464.192036][ C1] lec:lec_tx_timeout: lec0 [ 464.192133][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 464.544968][ T835] thrustmaster 0003:044F:B324.000D: item fetching failed at offset 3/5 [ 464.545843][ T835] thrustmaster 0003:044F:B324.000D: parse failed [ 464.545925][ T835] thrustmaster 0003:044F:B324.000D: probe with driver thrustmaster failed with error -22 [ 464.764736][ T5898] usb 2-1: USB disconnect, device number 20 [ 467.265022][T11454] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1872'. [ 467.634270][ T835] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 467.875724][ T835] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 467.875761][ T835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.875784][ T835] usb 9-1: Product: syz [ 467.875800][ T835] usb 9-1: Manufacturer: syz [ 467.875817][ T835] usb 9-1: SerialNumber: syz [ 467.967132][ T835] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 468.072072][T11474] netlink: 296 bytes leftover after parsing attributes in process `syz.7.1879'. [ 468.137700][T11056] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 469.865012][ T31] usb 9-1: USB disconnect, device number 5 [ 469.888838][T11056] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive [ 469.889575][T11056] ath9k_htc: Failed to initialize the device [ 469.906855][ T31] usb 9-1: ath9k_htc: USB layer deinitialized [ 470.251936][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6060 ms [ 470.251975][ C1] lec:lec_tx_timeout: lec0 [ 470.252943][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 471.916526][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1896'. [ 471.932023][T11056] IPVS: starting estimator thread 0... [ 472.036453][T11524] IPVS: using max 13 ests per chain, 31200 per kthread [ 474.775675][ T5987] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 475.213447][T11580] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1915'. [ 475.341968][ T5987] usb 2-1: Using ep0 maxpacket: 16 [ 475.343836][ T5987] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 475.343857][ T5987] usb 2-1: config 0 interface 0 has no altsetting 0 [ 475.343877][ T5987] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 475.343892][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.347004][ T5987] usb 2-1: config 0 descriptor?? [ 475.780341][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780368][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780384][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780400][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780417][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780435][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780450][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780466][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780483][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.780499][ T5987] kye 0003:0458:0138.000E: unknown main item tag 0x0 [ 475.800074][T11594] xt_l2tp: v2 sid > 0xffff: 1114112 [ 475.815467][ T5987] kye 0003:0458:0138.000E: hidraw0: USB HID v0.00 Device [HID 0458:0138] on usb-dummy_hcd.1-1/input0 [ 475.987347][T11056] usb 2-1: USB disconnect, device number 21 [ 476.012998][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5760 ms [ 476.013035][ C1] lec:lec_tx_timeout: lec0 [ 476.014108][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 476.128728][T11597] fido_id[11597]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 477.202035][T11612] sg_write: data in/out 139228/57 bytes for SCSI command 0x0-- guessing data in; [ 477.202035][T11612] program syz.1.1926 not setting count and/or reply_len properly [ 477.917624][T11631] tracefs: Unknown parameter '/' [ 478.878436][T11647] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1939'. [ 478.878455][T11647] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1939'. [ 478.878473][T11647] netlink: 'syz.5.1939': attribute type 18 has an invalid length. [ 478.878483][T11647] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1939'. [ 479.017881][T11652] netlink: 'syz.7.1942': attribute type 5 has an invalid length. [ 479.792450][T11660] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 481.021862][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 481.021901][ C1] lec:lec_tx_timeout: lec0 [ 481.022016][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 482.874827][T11755] Bluetooth: MGMT ver 1.23 [ 483.103891][T11761] vlan0: entered promiscuous mode [ 483.103916][T11761] syz_tun: entered promiscuous mode [ 484.201419][ T36] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 484.357587][ T36] usb 9-1: Using ep0 maxpacket: 32 [ 484.360955][ T36] usb 9-1: unable to get BOS descriptor or descriptor too short [ 484.368793][ T36] usb 9-1: config 128 has an invalid interface number: 127 but max is 3 [ 484.368823][ T36] usb 9-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 484.368842][ T36] usb 9-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 484.368862][ T36] usb 9-1: config 128 has no interface number 0 [ 484.368909][ T36] usb 9-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 484.368936][ T36] usb 9-1: config 128 interface 127 has no altsetting 0 [ 484.409912][ T36] usb 9-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 484.409947][ T36] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.409966][ T36] usb 9-1: Product: syz [ 484.409981][ T36] usb 9-1: Manufacturer: syz [ 484.409995][ T36] usb 9-1: SerialNumber: syz [ 484.435847][T11792] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 484.713446][T11802] sg_write: data in/out 262109/64 bytes for SCSI command 0x69-- guessing data in; [ 484.713446][T11802] program syz.7.1993 not setting count and/or reply_len properly [ 484.923757][ T36] usb 9-1: USB disconnect, device number 6 [ 485.142032][T10912] udevd[10912]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 486.024578][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 486.024619][ C1] lec:lec_tx_timeout: lec0 [ 486.024734][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 487.492830][T11875] sp0: Synchronizing with TNC [ 487.654599][ T36] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 487.819990][ T36] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 487.820028][ T36] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.852968][ T36] usb 9-1: config 0 descriptor?? [ 487.867580][ T36] cp210x 9-1:0.0: cp210x converter detected [ 488.297773][ T36] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 488.357451][ T36] usb 9-1: cp210x converter now attached to ttyUSB0 [ 488.513457][ T36] usb 9-1: USB disconnect, device number 7 [ 488.538549][ T36] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 488.666199][ T36] cp210x 9-1:0.0: device disconnected [ 488.821310][T11905] netlink: 112 bytes leftover after parsing attributes in process `syz.5.2027'. [ 488.954268][T11908] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2028'. [ 489.724780][T11933] netlink: 212340 bytes leftover after parsing attributes in process `syz.5.2036'. [ 489.724914][T11933] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 490.332430][ T36] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 490.392958][T11951] 9p: Bad value for 'rfdno' [ 490.486041][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.486080][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.486122][ T36] usb 9-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 490.486148][ T36] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.552558][ T36] usb 9-1: config 0 descriptor?? [ 490.997412][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 490.997445][ C1] lec:lec_tx_timeout: lec0 [ 490.999065][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 491.062400][ T36] uclogic 0003:28BD:0075.000F: interface is invalid, ignoring [ 491.217550][ T31] usb 9-1: USB disconnect, device number 8 [ 491.884054][T11990] netlink: 'syz.8.2054': attribute type 32 has an invalid length. [ 492.083004][T11995] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 494.413790][ T31] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 494.573082][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 494.575496][ T31] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 494.575525][ T31] usb 2-1: config 0 has no interface number 0 [ 494.575579][ T31] usb 2-1: config 0 interface 184 has no altsetting 0 [ 494.578764][ T31] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 494.578794][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.578816][ T31] usb 2-1: Product: syz [ 494.578832][ T31] usb 2-1: Manufacturer: syz [ 494.578848][ T31] usb 2-1: SerialNumber: syz [ 494.604588][ T31] usb 2-1: config 0 descriptor?? [ 494.629516][ T31] smsc75xx v1.0.0 [ 494.849755][ T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 494.849793][ T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 494.849815][ T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 494.850163][ T31] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 494.900788][ T31] usb 2-1: USB disconnect, device number 22 [ 495.211532][T12079] tap0: tun_chr_ioctl cmd 1074025677 [ 495.211798][T12079] tap0: linktype set to 774 [ 495.973439][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 495.973491][ C1] lec:lec_tx_timeout: lec0 [ 495.973588][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 497.123227][T12128] PKCS7: Unknown OID: [5] 0.0 [ 497.123247][T12128] PKCS7: Only support pkcs7_signedData type [ 499.569572][T12175] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2112'. [ 500.705228][T12205] netlink: 'syz.5.2125': attribute type 12 has an invalid length. [ 500.705257][T12205] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2125'. [ 500.951522][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 500.951560][ C1] lec:lec_tx_timeout: lec0 [ 500.951666][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 501.061451][ T5869] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 501.222546][ T5869] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 501.222652][ T5869] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.222684][ T5869] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.222708][ T5869] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 501.222754][ T5869] usb 9-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 501.222779][ T5869] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.306670][ T5869] usb 9-1: config 0 descriptor?? [ 501.758690][ T5869] wacom 0003:056A:0043.0010: unbalanced delimiter at end of report description [ 501.759597][ T5869] wacom 0003:056A:0043.0010: parse failed [ 501.759721][ T5869] wacom 0003:056A:0043.0010: probe with driver wacom failed with error -22 [ 502.021751][ T5987] usb 9-1: USB disconnect, device number 9 [ 502.771165][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.237543][T12283] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2158'. [ 504.928152][ T8446] wlan1: Trigger new scan to find an IBSS to join [ 505.932133][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 505.932169][ C1] lec:lec_tx_timeout: lec0 [ 505.932280][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 506.427497][T12344] option changes via remount are deprecated (pid=12339 comm=syz.8.2181) [ 506.427524][T12344] cgroup: option or name mismatch, new: 0x0 "none", old: 0x0 "" [ 506.597498][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.601773][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.361505][T12368] program syz.8.2191 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 509.852688][ T8446] wlan1: Trigger new scan to find an IBSS to join [ 510.915413][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 510.915538][ C1] lec:lec_tx_timeout: lec0 [ 510.926048][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 511.036456][T12410] binder: 12407:12410 unknown command 1768042286 [ 511.036482][T12410] binder: 12407:12410 ioctl c0306201 200000000140 returned -22 [ 511.237142][T12450] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2225'. [ 511.472863][ T67] wlan1: Creating new IBSS network, BSSID 06:5d:1a:2c:2a:ba [ 511.493133][T12456] program syz.1.2228 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 511.525492][T12459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.525682][T12459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.525821][T12459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.169402][T12473] netlink: 112 bytes leftover after parsing attributes in process `syz.7.2235'. [ 514.686315][T12506] netlink: 182 bytes leftover after parsing attributes in process `syz.5.2242'. [ 515.909951][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 515.909992][ C1] lec:lec_tx_timeout: lec0 [ 515.910246][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 515.986556][T12543] use of bytesused == 0 is deprecated and will be removed in the future, [ 515.986575][T12543] use the actual size instead. [ 518.304418][T12588] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2266'. [ 518.310100][T12588] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2266'. [ 518.461320][T12597] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2270'. [ 518.484086][T12597] veth1_to_hsr: entered promiscuous mode [ 518.491908][T12592] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2268'. [ 518.544498][T12597] veth1_to_hsr: left promiscuous mode [ 518.846527][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 519.116770][T12612] input: syz1 as /devices/virtual/input/input21 [ 520.567845][T12649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2288'. [ 520.896861][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 520.896898][ C1] lec:lec_tx_timeout: lec0 [ 520.897059][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 521.023694][ T5869] kernel write not supported for file /787/attr/prev (pid: 5869 comm: kworker/0:4) [ 521.029050][ T36] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 521.175530][ T36] usb 9-1: Using ep0 maxpacket: 8 [ 521.178553][ T36] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 521.178593][ T36] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 521.178622][ T36] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 521.178648][ T36] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 521.178695][ T36] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 521.178721][ T36] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.524188][ T36] usb 9-1: GET_CAPABILITIES returned 0 [ 521.524245][ T36] usbtmc 9-1:16.0: can't read capabilities [ 521.734817][ T36] usb 9-1: USB disconnect, device number 10 [ 522.725621][T12699] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2304'. [ 523.383835][T12721] delete_channel: no stack [ 523.829181][T12733] fuse: Bad value for 'group_id' [ 523.829197][T12733] fuse: Bad value for 'group_id' [ 523.952702][T12742] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2324'. [ 524.233747][T12742] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2324'. [ 524.976026][T12772] netlink: 'syz.7.2335': attribute type 11 has an invalid length. [ 524.976053][T12772] netlink: 212332 bytes leftover after parsing attributes in process `syz.7.2335'. [ 525.885322][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 525.885361][ C1] lec:lec_tx_timeout: lec0 [ 525.885458][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 526.072315][T12805] mkiss: ax0: crc mode is auto. [ 526.818539][T12832] pimreg1: tun_chr_ioctl cmd 1074025677 [ 526.818788][T12832] pimreg1: linktype set to 823 [ 527.772991][ T5801] Bluetooth: hci5: command 0x1003 tx timeout [ 527.957977][ T5797] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 530.876291][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 530.879146][ C1] lec:lec_tx_timeout: lec0 [ 530.880050][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 531.330316][T12906] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2393'. [ 531.871782][ T5869] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 531.983503][T12923] Falling back ldisc for ttyS3. [ 532.021254][ T5869] usb 9-1: Using ep0 maxpacket: 32 [ 532.039147][ T5869] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 532.039178][ T5869] usb 9-1: config 0 has no interface number 0 [ 532.067679][ T5869] usb 9-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 532.067716][ T5869] usb 9-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 532.067740][ T5869] usb 9-1: Product: syz [ 532.067756][ T5869] usb 9-1: Manufacturer: syz [ 532.067772][ T5869] usb 9-1: SerialNumber: syz [ 532.120960][ T5869] usb 9-1: config 0 descriptor?? [ 532.152354][ T5869] usb 9-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 532.152387][ T5869] usb 9-1: selecting invalid altsetting 1 [ 532.152404][ T5869] usb 9-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 532.205088][ T5869] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 532.207350][ T5869] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 532.207417][ T5869] usb 9-1: media controller created [ 532.299635][ T5869] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 532.397166][ T5869] usb 9-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 532.397231][ T5869] zl10353_read_register: readreg error (reg=127, ret==-71) [ 532.398485][ T5869] usb 9-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 532.508558][ T5869] usb 9-1: USB disconnect, device number 11 [ 533.366297][T11056] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 533.549465][T11056] usb 9-1: Using ep0 maxpacket: 8 [ 533.554759][T11056] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 533.554795][T11056] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 533.554825][T11056] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 533.554851][T11056] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 533.554898][T11056] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 533.554923][T11056] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.698685][T12955] tap0: tun_chr_ioctl cmd 1074025680 [ 533.851711][T11056] usb 9-1: GET_CAPABILITIES returned 0 [ 533.851778][T11056] usbtmc 9-1:16.0: can't read capabilities [ 534.051245][ T5987] usb 9-1: USB disconnect, device number 12 [ 534.270667][T12962] delete_channel: no stack [ 534.431461][T12966] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2418'. [ 535.720544][T13008] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 535.745791][T13008] batadv_slave_0: entered promiscuous mode [ 535.745824][T13008] batadv_slave_0: entered allmulticast mode [ 535.867210][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 535.867248][ C1] lec:lec_tx_timeout: lec0 [ 535.867356][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 537.054606][T13035] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2448'. [ 537.580281][ T5797] Bluetooth: hci4: command tx timeout [ 538.817454][T13068] cgroup: fork rejected by pids controller in /syz1 [ 540.217633][T13534] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2476'. [ 540.860243][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 540.860283][ C1] lec:lec_tx_timeout: lec0 [ 541.209766][T13551] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 541.211844][T13551] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 541.343376][T13548] netlink: set zone limit has 4 unknown bytes [ 541.398702][ T5869] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 541.436372][ T8471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 541.572756][ T5869] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 541.572812][ T5869] usb 9-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 541.572839][ T5869] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.613622][ T5869] usb 9-1: config 0 descriptor?? [ 542.072946][ T5869] waltop 0003:172F:0501.0011: unbalanced collection at end of report description [ 542.075385][ T5869] waltop 0003:172F:0501.0011: probe with driver waltop failed with error -22 [ 542.252806][ T5869] usb 9-1: USB disconnect, device number 13 [ 543.751375][T13604] netlink: 'syz.1.2504': attribute type 8 has an invalid length. [ 544.077778][T13617] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 544.491844][T13631] CUSE: unknown device info "sit0" [ 544.491866][T13631] CUSE: unknown device info "x" [ 544.491875][T13631] CUSE: unknown device info "" [ 544.491884][T13631] CUSE: unknown device info "" [ 544.491893][T13631] CUSE: unknown device info "ð" [ 544.491901][T13631] CUSE: unknown device info "ED" [ 544.491910][T13631] CUSE: unknown device info "" [ 544.491919][T13631] CUSE: unknown device info "h" [ 544.491928][T13631] CUSE: zero length info key specified [ 547.481711][ T8462] Bluetooth: (null): Invalid header checksum [ 548.609342][T13695] netlink: 388 bytes leftover after parsing attributes in process `syz.0.2542'. [ 550.475099][T13740] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 550.876610][T13752] program syz.8.2569 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 550.907672][T13754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2570'. [ 550.907700][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2570'. [ 550.907727][T13754] netlink: 'syz.1.2570': attribute type 19 has an invalid length. [ 550.907743][T13754] netlink: 'syz.1.2570': attribute type 20 has an invalid length. [ 551.124930][T13758] binder: 13757:13758 ioctl c00c620f 0 returned -14 [ 552.170935][T13791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2585'. [ 552.528772][T13805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2594'. [ 552.625450][T11056] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 552.784916][T11056] usb 9-1: Using ep0 maxpacket: 32 [ 552.790183][T11056] usb 9-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 552.790218][T11056] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.790240][T11056] usb 9-1: Product: syz [ 552.790253][T11056] usb 9-1: Manufacturer: syz [ 552.790270][T11056] usb 9-1: SerialNumber: syz [ 552.825543][T11056] usb 9-1: config 0 descriptor?? [ 552.840587][T11056] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 552.840661][T11056] dvb-usb: bulk message failed: -22 (4/0) [ 552.840672][T11056] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 552.840752][T11056] dvb-usb: bulk message failed: -22 (5/0) [ 552.840761][T11056] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 552.843738][T11056] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 552.894455][T11056] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 552.902848][T11056] usb 9-1: media controller created [ 552.920403][T11056] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 552.948372][T11056] usb 9-1: selecting invalid altsetting 3 [ 552.948397][T11056] ttusb2: set interface to alts=3 failed [ 553.018304][T11056] DVB: Unable to find symbol tda10086_attach() [ 553.018321][T11056] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 553.019164][T11056] dvb-usb: bulk message failed: -22 (4/0) [ 553.019179][T11056] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 553.019256][T11056] dvb-usb: bulk message failed: -22 (5/0) [ 553.019264][T11056] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 553.019306][T11056] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 553.062607][T13799] dvb-usb: bulk message failed: -22 (7/0) [ 553.062634][T13799] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 553.062742][T13799] ttusb2: i2c transfer failed. [ 553.066343][T11056] usb 9-1: USB disconnect, device number 14 [ 553.133639][T11056] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 553.439398][T13816] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 554.030902][T13830] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2605'. [ 555.861720][T13855] fuse: Unknown parameter 'group_i00000000000000000000' [ 560.395836][T11056] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 560.582891][T11056] usb 9-1: Using ep0 maxpacket: 32 [ 560.597530][T11056] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 560.597552][T11056] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.606596][T11056] usb 9-1: config 0 descriptor?? [ 560.838278][T11056] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 560.846885][T11056] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 560.856269][T11056] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 560.856335][T11056] usb 9-1: media controller created [ 560.883736][T11056] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 562.028547][T11056] az6027: usb out operation failed. (-71) [ 562.028573][T11056] stb0899_attach: Driver disabled by Kconfig [ 562.028584][T11056] az6027: no front-end attached [ 562.028584][T11056] [ 562.034167][T11056] az6027: usb out operation failed. (-71) [ 562.034187][T11056] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 562.037465][T11056] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input22 [ 562.057659][T11056] dvb-usb: schedule remote query interval to 400 msecs. [ 562.057687][T11056] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 562.079944][T11056] usb 9-1: USB disconnect, device number 15 [ 562.384038][T11056] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 564.348583][T13968] bridge1: entered allmulticast mode [ 564.352209][T13968] team0: Port device bridge1 added [ 564.366664][T13970] bridge0: port 3(team0) entered blocking state [ 564.366741][T13970] bridge0: port 3(team0) entered disabled state [ 564.368025][T13970] team0: entered allmulticast mode [ 564.368038][T13970] team_slave_0: entered allmulticast mode [ 564.368225][T13970] team_slave_1: entered allmulticast mode [ 564.368717][T13970] dummy0: entered allmulticast mode [ 564.410810][T13970] team0: entered promiscuous mode [ 564.410827][T13970] team_slave_0: entered promiscuous mode [ 564.411321][T13970] team_slave_1: entered promiscuous mode [ 564.411435][T13970] dummy0: entered promiscuous mode [ 564.411915][T13970] bridge1: entered promiscuous mode [ 564.514499][T13979] 9p: Bad value for 'wfdno' [ 566.464399][T14037] batadv_slave_1: entered promiscuous mode [ 566.467840][T14036] batadv_slave_1: left promiscuous mode [ 567.826057][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.826141][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.848529][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 570.342464][ T7408] syz_tun (unregistering): left allmulticast mode [ 570.467110][T14067] loop8: detected capacity change from 0 to 8 [ 570.518826][T10912] Dev loop8: unable to read RDB block 8 [ 570.518879][T10912] loop8: unable to read partition table [ 570.519268][T10912] loop8: partition table beyond EOD, truncated [ 570.560805][T14067] Dev loop8: unable to read RDB block 8 [ 570.560858][T14067] loop8: unable to read partition table [ 570.561117][T14067] loop8: partition table beyond EOD, truncated [ 570.561151][T14067] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 571.437827][T14078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2710'. [ 571.478769][T14078] hsr_slave_0: left promiscuous mode [ 571.517039][T14078] hsr_slave_1: left promiscuous mode [ 572.366765][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 572.415518][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 572.417844][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 572.418228][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 572.422909][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 572.424554][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 572.845331][ T7881] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.920743][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 573.176161][T14102] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 573.637271][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5810 ms [ 573.637375][ C1] lec:lec_tx_timeout: lec0 [ 574.194811][ T7881] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.537215][ T5801] Bluetooth: hci2: command tx timeout [ 574.545660][ T36] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 574.621735][ T7881] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.707819][ T36] usb 9-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 574.707860][ T36] usb 9-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 574.707889][ T36] usb 9-1: config 1 interface 0 has no altsetting 0 [ 574.714599][ T36] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 574.714634][ T36] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.714656][ T36] usb 9-1: Product: syz [ 574.714671][ T36] usb 9-1: Manufacturer: syz [ 574.714687][ T36] usb 9-1: SerialNumber: syz [ 574.750559][T14120] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 574.750882][T14120] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 574.974045][ T7881] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.659791][T14088] chnl_net:caif_netlink_parms(): no params data found [ 575.782511][ T36] (unnamed net_device) (uninitialized): Assigned a random MAC address: ce:47:4d:71:6e:b9 [ 575.897894][ T36] rtl8150 9-1:1.0: eth20: rtl8150 is detected [ 575.995917][ T36] usb 9-1: USB disconnect, device number 16 [ 576.340501][ T7881] bridge_slave_1: left allmulticast mode [ 576.340531][ T7881] bridge_slave_1: left promiscuous mode [ 576.340869][ T7881] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.406840][ T7881] bridge_slave_0: left allmulticast mode [ 576.406874][ T7881] bridge_slave_0: left promiscuous mode [ 576.407180][ T7881] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.611384][ T5801] Bluetooth: hci2: command tx timeout [ 577.050580][ T36] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 577.230344][ T36] usb 9-1: Using ep0 maxpacket: 32 [ 577.232898][ T36] usb 9-1: config 0 has an invalid interface number: 182 but max is 0 [ 577.232927][ T36] usb 9-1: config 0 has no interface number 0 [ 577.232963][ T36] usb 9-1: config 0 interface 182 has no altsetting 0 [ 577.236206][ T36] usb 9-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db [ 577.236238][ T36] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.236260][ T36] usb 9-1: Product: syz [ 577.236275][ T36] usb 9-1: Manufacturer: syz [ 577.236291][ T36] usb 9-1: SerialNumber: syz [ 577.245627][ T36] usb 9-1: config 0 descriptor?? [ 577.260901][ T36] hub 9-1:0.182: bad descriptor, ignoring hub [ 577.260943][ T36] hub 9-1:0.182: probe with driver hub failed with error -5 [ 577.471912][ T36] kaweth 9-1:0.182: Firmware present in device. [ 577.658983][ T36] kaweth 9-1:0.182: Statistics collection: 0 [ 577.659010][ T36] kaweth 9-1:0.182: Multicast filter limit: 0 [ 577.659026][ T36] kaweth 9-1:0.182: MTU: 0 [ 577.659041][ T36] kaweth 9-1:0.182: Read MAC address 00:00:00:00:00:00 [ 578.277121][ T36] kaweth 9-1:0.182: Error setting receive filter [ 578.277467][ T36] kaweth 9-1:0.182: probe with driver kaweth failed with error -5 [ 578.310071][ T36] usb 9-1: USB disconnect, device number 17 [ 578.624137][ T7881] bond1 (unregistering): (slave geneve2): Releasing active interface [ 578.703512][ T5801] Bluetooth: hci2: command tx timeout [ 579.547263][ T7881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.660002][ T7881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.699244][ T7881] bond0 (unregistering): Released all slaves [ 580.744403][ T5801] Bluetooth: hci2: command tx timeout [ 580.748175][ T7881] bond1 (unregistering): Released all slaves [ 581.039130][T14088] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.039286][T14088] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.039559][T14088] bridge_slave_0: entered allmulticast mode [ 581.042575][T14088] bridge_slave_0: entered promiscuous mode [ 581.120829][T14088] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.129500][T14088] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.129762][T14088] bridge_slave_1: entered allmulticast mode [ 581.132398][T14088] bridge_slave_1: entered promiscuous mode [ 581.611817][T14234] fuse: Unknown parameter 'use00000000000000000000' [ 582.116099][T14088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.117798][T14240] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2777'. [ 582.182949][T14088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.298547][T14088] team0: Port device team_slave_0 added [ 583.328476][T14088] team0: Port device team_slave_1 added [ 583.544177][T14088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.544197][T14088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.544236][T14088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.550843][T14088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.550859][T14088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.550888][T14088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.838794][ T7881] hsr_slave_0: left promiscuous mode [ 583.906646][ T7881] hsr_slave_1: left promiscuous mode [ 583.907753][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 583.907790][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 583.957197][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 583.957228][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 584.717020][ T7881] veth1_macvtap: left promiscuous mode [ 584.717773][ T7881] veth0_macvtap: left promiscuous mode [ 584.718042][ T7881] veth1_vlan: left promiscuous mode [ 584.718227][ T7881] veth0_vlan: left promiscuous mode [ 585.404203][T14310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2802'. [ 586.956771][T14324] binder: 14323:14324 ioctl c0306201 0 returned -14 [ 586.957615][T14324] binder: 14323:14324 ioctl c0306201 200000000640 returned -22 [ 590.779468][ T7881] team0 (unregistering): Port device team_slave_1 removed [ 591.068296][ T7881] team0 (unregistering): Port device team_slave_0 removed [ 592.593770][ T5801] Bluetooth: hci2: command tx timeout [ 593.688177][T14329] batadv_slave_0: entered promiscuous mode [ 593.711145][T14334] batadv_slave_0: left promiscuous mode [ 594.021022][T14088] hsr_slave_0: entered promiscuous mode [ 594.021944][T14088] hsr_slave_1: entered promiscuous mode [ 595.208358][ T7881] IPVS: stop unused estimator thread 0... [ 595.673233][T14421] batadv_slave_1: entered promiscuous mode [ 595.675876][T14420] batadv_slave_1: left promiscuous mode [ 596.058125][T14088] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 596.115151][T14088] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 596.165386][T14088] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 596.202374][T14088] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 596.573488][T14088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 596.611367][T14088] 8021q: adding VLAN 0 to HW filter on device team0 [ 596.636537][ T8467] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.667907][ T8467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 596.698804][ T8450] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.702892][ T8450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.940498][T14465] overlayfs: failed to clone lowerpath [ 597.475554][T14088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 598.194359][T14088] veth0_vlan: entered promiscuous mode [ 598.226632][T14088] veth1_vlan: entered promiscuous mode [ 598.323316][T14088] veth0_macvtap: entered promiscuous mode [ 598.351552][T14088] veth1_macvtap: entered promiscuous mode [ 598.431794][T14088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 598.462111][T14088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 598.485974][ T8467] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.516373][ T8467] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.516431][ T8467] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.516470][ T8467] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.033265][ T8450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.033289][ T8450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.303512][ T8450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.303537][ T8450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.579454][T14523] 9p: Bad value for 'rfdno' [ 600.560833][T14554] netlink: 'syz.9.2879': attribute type 10 has an invalid length. [ 600.624854][ T9889] lec:lec_start_xmit: lec0:No lecd attached [ 600.673061][T14554] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 600.906515][T14555] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 600.985567][T14555] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 601.281731][T14565] kAFS: unable to lookup cell '.,' [ 601.409126][T14562] kAFS: unable to lookup cell '(,c¾ûL' [ 601.627847][T14572] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 601.754461][T14576] netlink: 128 bytes leftover after parsing attributes in process `syz.7.2886'. [ 601.754500][T14576] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 602.553546][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.863293][T14591] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.883427][T14591] bridge0: port 1(bridge_slave_0) entered disabled state [ 603.868930][ T8448] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 603.998788][T14591] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 604.020912][T14591] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 605.059071][ T8471] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.071616][ T8471] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.091596][ T8471] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.095602][ T8471] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.293910][T14634] team0: No ports can be present during mode change [ 605.456098][T14646] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2914'. [ 605.508558][ T5878] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 605.628188][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 605.628227][ C1] lec:lec_tx_timeout: lec0 [ 605.688159][ T5878] usb 10-1: Using ep0 maxpacket: 32 [ 605.695380][ T5878] usb 10-1: config 0 has an invalid interface number: 172 but max is 0 [ 605.695421][ T5878] usb 10-1: config 0 has no interface number 0 [ 605.695468][ T5878] usb 10-1: config 0 interface 172 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 605.730582][ T5878] usb 10-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 605.730615][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.730635][ T5878] usb 10-1: Product: syz [ 605.730650][ T5878] usb 10-1: Manufacturer: syz [ 605.730664][ T5878] usb 10-1: SerialNumber: syz [ 605.778551][ T5878] usb 10-1: config 0 descriptor?? [ 605.798682][ T5878] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 605.828762][ T5898] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 606.003965][ T5898] usb 9-1: config index 0 descriptor too short (expected 23569, got 27) [ 606.004039][ T5898] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 606.031673][ T5898] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 606.031707][ T5898] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 606.031729][ T5898] usb 9-1: Manufacturer: syz [ 606.044558][ T5898] usb 9-1: config 0 descriptor?? [ 606.356030][T14662] netlink: 'syz.1.2921': attribute type 11 has an invalid length. [ 606.368976][ T5898] rc_core: IR keymap rc-hauppauge not found [ 606.368999][ T5898] Registered IR keymap rc-empty [ 606.399913][ T5898] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0 [ 606.451281][ T5898] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input23 [ 606.744770][ T5878] input: gspca_pac7302 as /devices/platform/dummy_hcd.9/usb10/10-1/input/input24 [ 606.874429][ T5878] usb 9-1: USB disconnect, device number 18 [ 606.947423][T11056] usb 10-1: USB disconnect, device number 2 [ 607.699555][T14687] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2926'. [ 607.699595][T14687] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2926'. [ 608.130411][T14701] PKCS8: Unsupported PKCS#8 version [ 608.133166][T14704] fuse: Unknown parameter '0x0000000000000003' [ 608.522326][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2935'. [ 609.361753][T11056] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 609.519059][T14732] netlink: 'syz.7.2944': attribute type 39 has an invalid length. [ 609.526139][T11056] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.526173][T11056] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.554683][T11056] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 609.554719][T11056] usb 9-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 609.554741][T11056] usb 9-1: Manufacturer: syz [ 609.560586][T11056] usb 9-1: config 0 descriptor?? [ 610.501298][T11056] input: syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:256C:006D.0012/input/input25 [ 610.523996][T11056] input: syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:256C:006D.0012/input/input26 [ 610.560021][T11056] input: syz Touch Strip as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:256C:006D.0012/input/input27 [ 610.578205][T11056] input: syz Dial as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:256C:006D.0012/input/input28 [ 610.634907][T11056] uclogic 0003:256C:006D.0012: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.8-1/input0 [ 610.678918][T11056] usb 9-1: USB disconnect, device number 19 [ 611.422834][T14751] fido_id[14751]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/report_descriptor': No such file or directory [ 612.566823][ T5869] kernel write not supported for file bpf-prog (pid: 5869 comm: kworker/0:4) [ 613.205071][T14798] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2966'. [ 613.205105][T14798] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2966'. [ 613.510445][T14808] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2968'. [ 614.367336][T14837] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2979'. [ 614.516270][ T5801] block nbd0: Receive control failed (result -107) [ 614.829969][T14844] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2981'. [ 614.830005][T14844] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2981'. [ 615.405330][T14822] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 616.521557][T14875] overlayfs: upper fs does not support file handles, falling back to index=off. [ 616.521582][T14875] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 617.109665][T14892] bridge2: entered allmulticast mode [ 617.133725][T14892] bridge2: entered promiscuous mode [ 617.143341][T14892] team0: Port device bridge2 added [ 620.133885][ T5869] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 620.290927][ T5869] usb 9-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 620.290962][ T5869] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.350574][ T5869] usb 9-1: config 0 descriptor?? [ 621.402598][ T5869] pegasus 9-1:0.0: probe with driver pegasus failed with error -71 [ 621.436151][ T5869] usb 9-1: USB disconnect, device number 20 [ 622.578547][T15003] netlink: 'syz.1.3031': attribute type 39 has an invalid length. [ 625.456544][T15031] could not allocate digest TFM handle blake2b-256 [ 625.501283][T15043] bridge: RTM_NEWNEIGH with invalid ether address [ 625.502024][T15043] bridge: RTM_NEWNEIGH with invalid ether address [ 626.034430][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3053'. [ 626.034450][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3053'. [ 629.183027][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.183110][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.209572][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 630.753948][ T5878] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 630.903880][ T5878] usb 9-1: Using ep0 maxpacket: 32 [ 630.906447][ T5878] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.906484][ T5878] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.906528][ T5878] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 630.906554][ T5878] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.968386][ T5878] usb 9-1: config 0 descriptor?? [ 630.982145][ T5878] hub 9-1:0.0: USB hub found [ 631.197330][ T5878] hub 9-1:0.0: 1 port detected [ 631.816504][ T5870] hub 9-1:0.0: activate --> -90 [ 632.227721][ T5878] usb 9-1: USB disconnect, device number 21 [ 632.229019][ T5870] usb 9-1-port1: config error [ 632.896545][T15189] binder: 15188:15189 ioctl c0306201 2000000001c0 returned -22 [ 634.521002][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5320 ms [ 634.521041][ C1] lec:lec_tx_timeout: lec0 [ 634.791602][ T8467] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 636.161545][T15245] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3134'. [ 636.161577][T15245] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 636.316282][T15245] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 638.257377][T15270] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3143'. [ 638.257414][T15270] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3143'. [ 638.321768][T15270] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3143'. [ 638.321796][T15270] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3143'. [ 638.338398][ T67] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 638.338452][ T67] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 638.338489][ T67] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 638.338524][ T67] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 638.706144][ T37] audit: type=1326 audit(1770693160.083:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15276 comm="syz.1.3147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89e422af79 code=0x0 [ 638.794161][ T37] audit: type=1326 audit(1770693160.173:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15273 comm="syz.7.3146" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa485f5af79 code=0x0 [ 639.156728][T15287] netlink: 'syz.9.3149': attribute type 11 has an invalid length. [ 639.610165][ T5878] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 639.696516][ T37] audit: type=1326 audit(1770693161.073:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15292 comm="syz.5.3152" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b2f71af79 code=0x0 [ 639.777757][ T5878] usb 10-1: Using ep0 maxpacket: 32 [ 639.781495][ T5878] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 639.781562][ T5878] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 639.781592][ T5878] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 639.781622][ T5878] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 639.786581][ T5878] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 639.786616][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.786638][ T5878] usb 10-1: Product: syz [ 639.786654][ T5878] usb 10-1: Manufacturer: syz [ 639.786671][ T5878] usb 10-1: SerialNumber: syz [ 639.919881][ C0] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 639.942049][ T5878] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/input/input29 [ 640.167093][ T5878] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 640.167117][ T5878] (id 0x00) [ 640.266908][ T5878] rc_core: IR keymap rc-imon-pad not found [ 640.266933][ T5878] Registered IR keymap rc-empty [ 640.267028][ T5878] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 640.267049][ T5878] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 640.409169][ T5878] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0 [ 640.413145][ T5878] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0/input30 [ 640.465036][ T5878] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:3> initialized [ 640.979417][T15291] imon:send_packet: task interrupted [ 640.979593][T15291] imon:send_packet: packet tx failed (-512) [ 640.979729][T15291] imon:vfd_write: send packet #0 failed [ 641.017415][ T5878] usb 10-1: USB disconnect, device number 3 [ 642.605152][T15355] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 642.969937][T15364] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input31 [ 645.634442][T15433] input: syz0 as /devices/virtual/input/input32 [ 647.245304][T15464] Invalid ELF header magic: != ELF [ 648.911520][ T31] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 649.064917][ T31] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.064957][ T31] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.064982][ T31] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 649.065028][ T31] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 649.065055][ T31] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.133805][ T31] usb 9-1: config 0 descriptor?? [ 650.356927][ T31] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 650.626864][ T5870] usb 9-1: USB disconnect, device number 22 [ 651.165584][T15542] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3251'. [ 652.481033][T15576] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3264'. [ 653.232601][T15601] netlink: 'syz.5.3277': attribute type 3 has an invalid length. [ 655.498849][T15638] kvm: user requested TSC rate below hardware speed [ 655.662729][ T5878] hid_parser_main: 1261 callbacks suppressed [ 655.662755][ T5878] hid-generic 0080:0005:FFFFFFFE.0014: unknown main item tag 0x0 [ 655.662788][ T5878] hid-generic 0080:0005:FFFFFFFE.0014: unknown main item tag 0x0 [ 655.676187][ T31] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 655.832839][ T31] hid-generic 0000:0000:0000.0015: hidraw0: HID v0.00 Device [syz1] on syz0 [ 655.980915][ T5878] hid-generic 0080:0005:FFFFFFFE.0014: hidraw1: HID v0.03 Device [syz0] on syz1 [ 656.347102][T15656] fido_id[15656]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 656.729022][ T5801] Bluetooth: hci0: unexpected cc 0x203e length: 2 > 1 [ 656.732317][ T5801] Bluetooth: hci0: unexpected event for opcode 0x203e [ 657.305184][T15682] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 660.750459][ T5801] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 660.750824][ T5801] Bluetooth: hci0: Injecting HCI hardware error event [ 660.754802][ T5801] Bluetooth: hci0: hardware error 0x00 [ 660.865649][T15775] netlink: 212348 bytes leftover after parsing attributes in process `syz.9.3350'. [ 661.314930][T15786] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 661.862854][T15799] netlink: 'syz.1.3362': attribute type 10 has an invalid length. [ 661.935675][T15799] bond0: (slave dummy0): Releasing backup interface [ 661.954605][T15776] Bluetooth: hci4: command 0x0406 tx timeout [ 662.051121][T15799] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 662.051315][T15799] team0: Failed to send options change via netlink (err -105) [ 662.051334][T15799] team0: Port device dummy0 added [ 662.984264][ T5801] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 663.128171][T15821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3371'. [ 663.128267][T15821] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 664.555441][T15821] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 664.992273][ T9889] lec:lec_start_xmit: lec0:No lecd attached [ 665.896440][T15856] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 666.220220][T15867] sg_write: process 711 (syz.8.3392) changed security contexts after opening file descriptor, this is not allowed. [ 666.236031][T15868] loop2: detected capacity change from 0 to 7 [ 666.264452][T15868] Dev loop2: unable to read RDB block 7 [ 666.264513][T15868] loop2: unable to read partition table [ 666.264759][T15868] loop2: partition table beyond EOD, truncated [ 666.264800][T15868] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 666.272799][ T5801] Bluetooth: hci3: unexpected event for opcode 0x2027 [ 666.425991][T15871] input: syz1 as /devices/virtual/input/input33 [ 666.952373][T15885] netlink: 'syz.8.3399': attribute type 21 has an invalid length. [ 666.952406][T15885] IPv6: NLM_F_CREATE should be specified when creating new route [ 666.952981][T15885] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 666.952996][T15885] IPv6: NLM_F_CREATE should be set when creating new route [ 666.953089][T15885] IPv6: NLM_F_CREATE should be set when creating new route [ 666.953126][T15885] IPv6: NLM_F_CREATE should be set when creating new route [ 667.563049][T15887] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3397'. [ 670.427562][T15960] batadv_slave_1: entered promiscuous mode [ 670.430273][T15960] batadv_slave_1: left promiscuous mode [ 670.500544][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5520 ms [ 670.500582][ C1] lec:lec_tx_timeout: lec0 [ 670.747573][T15968] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3431'. [ 672.504641][T16010] could not allocate digest TFM handle blake2b-256 [ 672.771861][T16022] dummy0: left promiscuous mode [ 672.814136][T16022] dummy0: left allmulticast mode [ 672.919742][T16022] team0: Port device dummy0 removed [ 672.932870][T16022] batman_adv: batadv0: Adding interface: dummy0 [ 672.932887][T16022] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 672.932916][T16022] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 675.345535][T16095] syz_tun: entered allmulticast mode [ 675.366900][T16094] syz_tun: left allmulticast mode [ 675.685851][T16108] overlayfs: failed to clone upperpath [ 681.270818][ T37] audit: type=1326 audit(1770693202.674:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16189 comm="syz.7.3517" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x0 [ 681.973400][T16215] binder: 16214:16215 ioctl c0306201 200000000640 returned -22 [ 682.177133][T16222] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3531'. [ 682.215016][T16222] macvtap1: entered promiscuous mode [ 682.215042][T16222] erspan0: entered promiscuous mode [ 682.215233][T16222] macvtap1: entered allmulticast mode [ 682.215246][T16222] erspan0: entered allmulticast mode [ 682.245231][T16223] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3531'. [ 682.308911][T16223] erspan0: left allmulticast mode [ 682.308942][T16223] erspan0: left promiscuous mode [ 682.823634][T16242] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 682.907626][ T8446] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 684.007189][T16273] sctp: [Deprecated]: syz.1.3551 (pid 16273) Use of struct sctp_assoc_value in delayed_ack socket option. [ 684.007189][T16273] Use struct sctp_sack_info instead [ 684.776069][T16297] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 685.098261][T16311] 9p: Bad value for 'rfdno' [ 686.563543][ T37] audit: type=1326 audit(1770693207.956:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 686.632742][ T37] audit: type=1326 audit(1770693207.976:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 686.632805][ T37] audit: type=1326 audit(1770693208.026:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 686.633262][ T37] audit: type=1326 audit(1770693208.026:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa485f1b84e code=0x7ffc0000 [ 686.651094][ T37] audit: type=1326 audit(1770693208.026:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fa485f5c297 code=0x7ffc0000 [ 686.655991][ T37] audit: type=1326 audit(1770693208.046:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 686.669502][ T37] audit: type=1326 audit(1770693208.056:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fa485f5c297 code=0x7ffc0000 [ 686.669558][ T37] audit: type=1326 audit(1770693208.066:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa485f1b84e code=0x7ffc0000 [ 686.669605][ T37] audit: type=1326 audit(1770693208.066:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 686.669646][ T37] audit: type=1326 audit(1770693208.066:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16346 comm="syz.7.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa485f5af79 code=0x7ffc0000 [ 687.069361][T16353] netlink: 'syz.7.3582': attribute type 5 has an invalid length. [ 690.528641][T16397] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 690.582903][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.582988][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.589459][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 691.337981][T16420] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3611'. [ 692.287685][T16449] netlink: 9 bytes leftover after parsing attributes in process `syz.9.3624'. [ 692.337218][T16449] gretap0: entered promiscuous mode [ 692.397361][T16449] netlink: 5 bytes leftover after parsing attributes in process `syz.9.3624'. [ 692.397690][T16449] 0ªî{X¹¦: renamed from gretap0 [ 692.439977][T16449] 0ªî{X¹¦: left promiscuous mode [ 692.439996][T16449] 0ªî{X¹¦: entered allmulticast mode [ 692.445334][T16449] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 695.554542][T16557] netlink: 'syz.1.3654': attribute type 4 has an invalid length. [ 695.591819][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 695.591864][ C1] lec:lec_tx_timeout: lec0 [ 695.641898][T16557] netlink: 'syz.1.3654': attribute type 4 has an invalid length. [ 696.902406][T16583] 9p: Bad value for 'rfdno' [ 699.052476][ T5878] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 699.229927][ T5878] usb 9-1: unable to get BOS descriptor or descriptor too short [ 699.241907][ T5878] usb 9-1: config 129 has an invalid interface number: 135 but max is 0 [ 699.241939][ T5878] usb 9-1: config 129 has an invalid interface number: 5 but max is 0 [ 699.241960][ T5878] usb 9-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 699.241982][ T5878] usb 9-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 699.242007][ T5878] usb 9-1: config 129 has no interface number 0 [ 699.242024][ T5878] usb 9-1: config 129 has no interface number 1 [ 699.242093][ T5878] usb 9-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 699.242123][ T5878] usb 9-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 699.242166][ T5878] usb 9-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 699.242194][ T5878] usb 9-1: config 129 interface 135 has no altsetting 0 [ 699.242215][ T5878] usb 9-1: config 129 interface 5 has no altsetting 0 [ 699.267179][ T5878] usb 9-1: string descriptor 0 read error: -22 [ 699.267344][ T5878] usb 9-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 699.267369][ T5878] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.386115][ T5878] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 699.386155][ T5878] usb 9-1: MIDIStreaming interface descriptor not found [ 699.681057][ T5878] usb 9-1: USB disconnect, device number 23 [ 700.499041][T16639] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 700.499079][T16639] overlayfs: failed to set xattr on upper [ 700.499087][T16639] overlayfs: ...falling back to redirect_dir=nofollow. [ 700.499095][T16639] overlayfs: ...falling back to index=off. [ 700.499103][T16639] overlayfs: ...falling back to uuid=null. [ 700.499111][T16639] overlayfs: ...falling back to xino=off. [ 700.995713][ T5987] IPVS: starting estimator thread 0... [ 701.120501][T16657] IPVS: using max 6 ests per chain, 14400 per kthread [ 701.729797][T16674] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3700'. [ 706.309140][ T36] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 706.461753][ T36] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 706.461793][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 706.461821][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 706.461845][ T36] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 706.461892][ T36] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 706.461917][ T36] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.539604][ T36] usb 9-1: config 0 descriptor?? [ 707.013100][ T36] plantronics 0003:047F:FFFF.0016: ignoring exceeding usage max [ 707.062623][ T36] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 708.252354][T16787] overlayfs: failed to clone upperpath [ 708.382078][T16783] usb 9-1: string descriptor 0 read error: -71 [ 708.464042][T16789] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 708.464075][T16789] overlayfs: failed to set xattr on upper [ 708.464081][T16789] overlayfs: ...falling back to redirect_dir=nofollow. [ 708.464086][T16789] overlayfs: ...falling back to index=off. [ 708.464091][T16789] overlayfs: ...falling back to uuid=null. [ 709.392130][ T5987] usb 9-1: USB disconnect, device number 24 [ 713.216188][T16866] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 713.461022][T16862] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 713.816539][T16882] netlink: 'syz.5.3774': attribute type 4 has an invalid length. [ 713.878917][T16886] netlink: 'syz.5.3774': attribute type 4 has an invalid length. [ 714.887199][ T3007] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 715.795752][T16929] overlayfs: failed to clone upperpath [ 716.329844][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 716.329865][ T37] audit: type=1326 audit(1770693237.744:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.330378][ T37] audit: type=1326 audit(1770693237.744:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.330935][ T37] audit: type=1326 audit(1770693237.744:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.331494][ T37] audit: type=1326 audit(1770693237.744:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.332635][ T37] audit: type=1326 audit(1770693237.744:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b2f6bc399 code=0x7ffc0000 [ 716.333502][ T37] audit: type=1326 audit(1770693237.744:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.356838][ T37] audit: type=1326 audit(1770693237.744:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.501219][ T37] audit: type=1326 audit(1770693237.914:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b2f6bc399 code=0x7ffc0000 [ 716.501916][ T37] audit: type=1326 audit(1770693237.914:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 716.502771][ T37] audit: type=1326 audit(1770693237.914:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16940 comm="syz.5.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x7ffc0000 [ 720.869226][T17094] overlayfs: failed to clone upperpath [ 721.114629][T17107] overlayfs: failed to clone upperpath [ 721.229974][T17099] 8021q: adding VLAN 0 to HW filter on device bond1 [ 721.246272][T17099] team0: Failed to send port change of device bond1 via netlink (err -105) [ 721.246389][T17099] team0: Failed to send options change via netlink (err -105) [ 721.246399][T17099] team0: Port device bond1 added [ 721.474504][T17118] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3883'. [ 721.474533][T17118] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3883'. [ 721.772064][T17127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3888'. [ 721.772091][T17127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3888'. [ 722.426146][T17147] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3897'. [ 723.076435][T17155] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 724.191541][T17201] netlink: 'syz.5.3921': attribute type 8 has an invalid length. [ 724.191566][T17201] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3921'. [ 724.279515][ T37] kauditd_printk_skb: 123 callbacks suppressed [ 724.279536][ T37] audit: type=1800 audit(1770693245.695:407): pid=17180 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.3911" name="/" dev="fuse" ino=1 res=0 errno=0 [ 724.583282][T17215] input: syz0 as /devices/virtual/input/input34 [ 724.722745][T14643] udevd[14643]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 727.510198][T17285] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3957'. [ 728.280599][ T9889] lec:lec_start_xmit: lec0:No lecd attached [ 728.924769][T17318] bond2: entered allmulticast mode [ 729.041595][T17322] bond2: (slave bridge1): making interface the new active one [ 729.041614][T17322] bridge1: entered allmulticast mode [ 729.042118][T17322] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 730.953439][T17378] syz.5.3999 (17378) used greatest stack depth: 16544 bytes left [ 731.277974][T17390] IPv6: NLM_F_CREATE should be specified when creating new route [ 731.781637][ T5797] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 731.821322][ T5797] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 731.823386][ T5797] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 731.845933][ T5797] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 731.846946][ T5797] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 733.123839][ T36] page_pool_release_retry() stalled pool shutdown: id 101, 1 inflight 61 sec [ 733.523776][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5250 ms [ 733.523815][ C1] lec:lec_tx_timeout: lec0 [ 733.587906][T17434] tipc: Started in network mode [ 733.587933][T17434] tipc: Node identity 4, cluster identity 4711 [ 733.587949][T17434] tipc: Node number set to 4 [ 733.923822][ T5801] Bluetooth: hci5: command tx timeout [ 735.813004][ T37] audit: type=1800 audit(1770693257.217:408): pid=17478 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.4041" name="bus" dev="tmpfs" ino=4950 res=0 errno=0 [ 736.003470][ T5801] Bluetooth: hci5: command tx timeout [ 736.248341][ T3007] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 737.074034][ T3007] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 737.177680][T17402] chnl_net:caif_netlink_parms(): no params data found [ 738.044025][ T3007] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.083540][ T5797] Bluetooth: hci5: command tx timeout [ 738.715241][ T3007] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.859645][T17402] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.869688][T17402] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.869976][T17402] bridge_slave_0: entered allmulticast mode [ 738.876240][T17402] bridge_slave_0: entered promiscuous mode [ 738.883671][T17402] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.883878][T17402] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.884139][T17402] bridge_slave_1: entered allmulticast mode [ 738.889420][T17402] bridge_slave_1: entered promiscuous mode [ 739.099739][T17402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 739.119570][T17402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.193028][T17402] team0: Port device team_slave_0 added [ 739.197991][T17402] team0: Port device team_slave_1 added [ 739.806193][T17567] io-wq is not configured for unbound workers [ 740.070875][T17402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 740.070897][T17402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 740.070927][T17402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 740.143665][T17402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 740.143686][T17402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 740.143716][T17402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 740.173429][ T5797] Bluetooth: hci5: command tx timeout [ 740.492841][T17402] hsr_slave_0: entered promiscuous mode [ 740.494709][T17402] hsr_slave_1: entered promiscuous mode [ 740.495924][T17402] debugfs: 'hsr0' already exists in 'hsr' [ 740.495953][T17402] Cannot create hsr debugfs directory [ 746.006637][ T3007] bridge_slave_1: left allmulticast mode [ 746.006660][ T3007] bridge_slave_1: left promiscuous mode [ 746.006857][ T3007] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.108978][ T3007] bridge_slave_0: left allmulticast mode [ 746.109019][ T3007] bridge_slave_0: left promiscuous mode [ 746.109316][ T3007] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.882242][ T85] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 751.141645][ T3007] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 752.015113][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.015182][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.019010][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 752.090805][ T3007] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 752.135503][ T3007] bond0 (unregistering): Released all slaves [ 755.389407][T17882] kvm: requested 180190 ns i8254 timer period limited to 200000 ns [ 755.394580][T17882] kvm: requested 48609 ns i8254 timer period limited to 200000 ns [ 755.395013][T17882] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 755.395364][T17882] kvm: requested 26819 ns i8254 timer period limited to 200000 ns [ 755.395741][T17882] kvm: requested 155047 ns i8254 timer period limited to 200000 ns [ 755.396024][T17882] kvm: requested 87161 ns i8254 timer period limited to 200000 ns [ 755.396323][T17882] kvm: requested 27657 ns i8254 timer period limited to 200000 ns [ 755.408567][T17882] kvm: requested 85485 ns i8254 timer period limited to 200000 ns [ 755.408856][T17882] kvm: requested 22628 ns i8254 timer period limited to 200000 ns [ 755.409249][T17882] kvm: requested 70400 ns i8254 timer period limited to 200000 ns [ 757.701754][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5690 ms [ 757.701792][ C1] lec:lec_tx_timeout: lec0 [ 757.880963][ T3007] hsr_slave_0: left promiscuous mode [ 757.920829][ T3007] hsr_slave_1: left promiscuous mode [ 757.922229][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 757.922259][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 757.985573][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 757.985605][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 758.507794][ T3007] veth1_macvtap: left promiscuous mode [ 758.507921][ T3007] veth0_macvtap: left promiscuous mode [ 758.508274][ T3007] veth1_vlan: left promiscuous mode [ 758.508477][ T3007] veth0_vlan: left promiscuous mode [ 759.316996][T17946] overlayfs: failed to clone upperpath [ 765.911605][ T3007] team0 (unregistering): Port device team_slave_1 removed [ 766.251331][ T3007] team0 (unregistering): Port device team_slave_0 removed [ 769.446450][ T5801] Bluetooth: hci2: command 0x0406 tx timeout [ 769.453192][T18003] macvtap1: left promiscuous mode [ 769.453221][T18003] macvtap1: left allmulticast mode [ 769.682902][T18003] bond2: left allmulticast mode [ 769.682929][T18003] bridge1: left allmulticast mode [ 770.979444][ T13] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 771.007553][T18101] overlayfs: failed to clone upperpath [ 772.822345][ T13] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 772.979308][ T12] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 773.043594][ T12] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 773.106333][T18122] binder_alloc: 18118: binder_alloc_buf, no vma [ 773.129768][T17402] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 773.377318][T17402] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 773.579497][T17402] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 773.714360][T17402] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 774.853372][T17402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 774.969392][T17402] 8021q: adding VLAN 0 to HW filter on device team0 [ 774.993485][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.993739][ T8455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 775.017078][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.017315][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 775.926962][T17402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.140634][T17402] veth0_vlan: entered promiscuous mode [ 776.199948][T17402] veth1_vlan: entered promiscuous mode [ 776.307381][T17402] veth0_macvtap: entered promiscuous mode [ 776.343979][T17402] veth1_macvtap: entered promiscuous mode [ 776.391852][T17402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 776.413359][T17402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 776.468307][ T8446] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.468581][ T8446] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.515746][ T1175] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.529391][ T1175] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 777.026479][ T37] audit: type=1107 audit(1770693298.362:409): pid=18216 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 778.299736][ T8455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 778.299761][ T8455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 778.598775][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 778.598801][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 778.997756][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 781.402000][ T37] audit: type=1326 audit(1770693302.822:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18244 comm="syz.7.4304" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa485f5af79 code=0x0 [ 783.438424][T11056] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 784.728560][T11056] usb 4-1: Using ep0 maxpacket: 32 [ 784.732671][T11056] usb 4-1: unable to get BOS descriptor or descriptor too short [ 784.735034][T11056] usb 4-1: config 7 has an invalid interface number: 187 but max is 0 [ 784.735066][T11056] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 784.735087][T11056] usb 4-1: config 7 has no interface number 0 [ 784.736055][T11056] usb 4-1: config 7 interface 187 altsetting 6 endpoint 0x7 has invalid wMaxPacketSize 0 [ 784.736084][T11056] usb 4-1: config 7 interface 187 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 784.736115][T11056] usb 4-1: config 7 interface 187 has no altsetting 0 [ 784.749504][T11056] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 784.749536][T11056] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 784.749556][T11056] usb 4-1: Product: syz [ 784.749571][T11056] usb 4-1: Manufacturer: syz [ 784.749585][T11056] usb 4-1: SerialNumber: syz [ 785.114932][T11056] usb 4-1: Cannot retrieve CPort count: -71 [ 785.114985][T11056] usb 4-1: Cannot retrieve CPort count: -71 [ 785.115021][T11056] es2_ap_driver 4-1:7.187: probe with driver es2_ap_driver failed with error -71 [ 785.158535][T11056] usb 4-1: USB disconnect, device number 5 [ 794.146431][ T9889] lec:lec_start_xmit: lec0:No lecd attached [ 798.281223][T18394] sch_tbf: burst 25 is lower than device ip6gre0 mtu (1448) ! [ 799.697962][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5560 ms [ 799.698159][ C1] lec:lec_tx_timeout: lec0 [ 800.763787][T18426] Bluetooth: hci0: invalid length 0, exp 2 for type 10 [ 804.215784][T18468] overlayfs: overlapping lowerdir path [ 809.827765][T18504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4374'. [ 809.827804][T18504] netlink: 'syz.3.4374': attribute type 7 has an invalid length. [ 809.827838][T18504] netlink: 'syz.3.4374': attribute type 8 has an invalid length. [ 809.827852][T18504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4374'. [ 809.834656][T18504] ip6gretap0: entered promiscuous mode [ 809.835632][T18504] syz_tun: entered promiscuous mode [ 809.836284][T18504] gretap0: entered promiscuous mode [ 813.116144][T16547] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 813.477977][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.478087][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.482505][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 814.356722][T18537] 9p: Bad value for 'rfdno' [ 814.641683][T18548] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4386'. [ 816.876545][ T5982] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 817.039152][ T5982] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 817.039189][ T5982] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.065752][ T5982] usb 4-1: config 0 descriptor?? [ 817.083474][ T5982] gspca_main: spca508-2.14.0 probing 8086:0110 [ 817.558519][ T5982] gspca_spca508: reg_read err -32 [ 817.559664][ T5982] gspca_spca508: reg_read err -32 [ 817.560759][ T5982] gspca_spca508: reg_read err -32 [ 818.577204][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5100 ms [ 818.577246][ C1] lec:lec_tx_timeout: lec0 [ 818.582793][ T5982] gspca_spca508: reg_read err -110 [ 818.583304][ T5982] gspca_spca508: reg write: error -32 [ 818.583410][ T5982] spca508 4-1:0.0: probe with driver spca508 failed with error -32 [ 820.647605][ T5900] usb 4-1: USB disconnect, device number 6 [ 834.424923][T18713] kvm: kvm [18711]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xffdb0000d100 [ 846.967368][ T8471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 859.604527][ T9889] lec:lec_start_xmit: lec0:No lecd attached [ 864.604965][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 864.605004][ C1] lec:lec_tx_timeout: lec0 [ 866.715491][ T5797] Bluetooth: hci5: command 0x0406 tx timeout [ 867.626582][T18990] lo speed is unknown, defaulting to 1000 [ 867.626689][T18990] lo speed is unknown, defaulting to 1000 [ 867.650406][T18990] lo speed is unknown, defaulting to 1000 [ 867.846572][T18991] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 868.349195][T18990] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 869.114616][T18990] lo speed is unknown, defaulting to 1000 [ 869.178918][T18990] lo speed is unknown, defaulting to 1000 [ 869.222880][T18990] lo speed is unknown, defaulting to 1000 [ 869.258306][T18990] lo speed is unknown, defaulting to 1000 [ 869.261405][T18990] lo speed is unknown, defaulting to 1000 [ 870.514949][T19013] Device name cannot be null; rc = [-22] [ 871.727108][T19022] 8021q: adding VLAN 0 to HW filter on device bond1 [ 871.918829][T19029] bond_slave_0: entered promiscuous mode [ 871.922682][T19029] bond_slave_1: entered promiscuous mode [ 871.938761][T19029] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 871.964302][T19029] bond1: (slave macvlan2): making interface the new active one [ 872.040826][T19029] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 872.937986][ T37] audit: type=1326 audit(1770693394.356:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19041 comm="syz.5.4524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b2f71af79 code=0x0 [ 873.620427][T19057] input: syz0 as /devices/virtual/input/input35 [ 875.050017][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.050093][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.987361][ T1319] lec:lec_start_xmit: lec0:No lecd attached [ 878.725320][ T7881] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 881.640873][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5650 ms [ 881.640913][ C1] lec:lec_tx_timeout: lec0 [ 883.729167][ T31] ------------[ cut here ]------------ [ 883.729185][ T31] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 883.729203][ T31] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x3b5/0x5d0, CPU#1: kworker/1:0/31 [ 883.729255][ T31] Modules linked in: [ 883.729280][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 883.729313][ T31] Tainted: [L]=SOFTLOCKUP [ 883.729321][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 883.729336][ T31] Workqueue: events drm_fb_helper_damage_work [ 883.729371][ T31] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 883.729405][ T31] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 df 24 dc fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 883.729425][ T31] RSP: 0018:ffffc90000a5f860 EFLAGS: 00010246 [ 883.729444][ T31] RAX: 1ffff11004915a00 RBX: ffffffff8f534080 RCX: 0000000000000000 [ 883.729461][ T31] RDX: ffffffff8b9ef3e0 RSI: ffffffff8ba0b140 RDI: ffffffff8f534080 [ 883.729478][ T31] RBP: ffffc90000a5f948 R08: 0000000000000000 R09: 0000000000000000 [ 883.729493][ T31] R10: dffffc0000000000 R11: fffffbfff1e90f2f R12: ffffffff8ba0b140 [ 883.729509][ T31] R13: ffff8880248ad000 R14: 1ffff9200014bf10 R15: ffffffff8b9ef3e0 [ 883.729526][ T31] FS: 0000000000000000(0000) GS:ffff8881266b1000(0000) knlGS:0000000000000000 [ 883.729545][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 883.729560][ T31] CR2: 00007fc34dee6861 CR3: 0000000025e0c000 CR4: 00000000003526f0 [ 883.729581][ T31] Call Trace: [ 883.729591][ T31] [ 883.729607][ T31] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 883.729642][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 883.729670][ T31] ? rt_spin_unlock+0x160/0x200 [ 883.729700][ T31] ? drm_vblank_get+0x147/0x260 [ 883.729735][ T31] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 883.729779][ T31] drm_fb_helper_damage_work+0x131/0x6f0 [ 883.729816][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.729844][ T31] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 883.729879][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 883.729906][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.729928][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.729953][ T31] process_scheduled_works+0xaec/0x17a0 [ 883.730009][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 883.730029][ T31] ? do_raw_spin_lock+0x12b/0x2f0 [ 883.730055][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 883.730074][ T31] ? schedule+0x90/0x360 [ 883.730117][ T31] worker_thread+0xda6/0x1360 [ 883.730172][ T31] kthread+0x726/0x8b0 [ 883.730205][ T31] ? __pfx_worker_thread+0x10/0x10 [ 883.730228][ T31] ? __pfx_kthread+0x10/0x10 [ 883.730252][ T31] ? rt_spin_unlock+0x14f/0x200 [ 883.730285][ T31] ? rt_spin_unlock+0x160/0x200 [ 883.730309][ T31] ? __pfx_kthread+0x10/0x10 [ 883.730339][ T31] ret_from_fork+0x51b/0xa40 [ 883.730367][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 883.730390][ T31] ? __switch_to+0xc82/0x1410 [ 883.730429][ T31] ? __pfx_kthread+0x10/0x10 [ 883.730458][ T31] ret_from_fork_asm+0x1a/0x30 [ 883.730512][ T31] [ 883.730524][ T31] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 883.730543][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 883.730573][ T31] Tainted: [L]=SOFTLOCKUP [ 883.730581][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 883.730595][ T31] Workqueue: events drm_fb_helper_damage_work [ 883.730627][ T31] Call Trace: [ 883.730636][ T31] [ 883.730644][ T31] vpanic+0x1e0/0x670 [ 883.730681][ T31] panic+0xc5/0xd0 [ 883.730711][ T31] ? __pfx_panic+0x10/0x10 [ 883.730753][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 883.730801][ T31] __warn+0x315/0x4a0 [ 883.730830][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 883.730865][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 883.730898][ T31] __report_bug+0x29a/0x540 [ 883.730938][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 883.730972][ T31] ? __pfx___report_bug+0x10/0x10 [ 883.731025][ T31] report_bug_entry+0x19a/0x290 [ 883.731058][ T31] ? drm_wait_one_vblank+0x5a2/0x5d0 [ 883.731088][ T31] ? drm_wait_one_vblank+0x5a7/0x5d0 [ 883.731120][ T31] handle_bug+0xca/0x200 [ 883.731145][ T31] exc_invalid_op+0x1a/0x50 [ 883.731169][ T31] asm_exc_invalid_op+0x1a/0x20 [ 883.731192][ T31] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 883.731225][ T31] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 df 24 dc fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 883.731244][ T31] RSP: 0018:ffffc90000a5f860 EFLAGS: 00010246 [ 883.731262][ T31] RAX: 1ffff11004915a00 RBX: ffffffff8f534080 RCX: 0000000000000000 [ 883.731278][ T31] RDX: ffffffff8b9ef3e0 RSI: ffffffff8ba0b140 RDI: ffffffff8f534080 [ 883.731295][ T31] RBP: ffffc90000a5f948 R08: 0000000000000000 R09: 0000000000000000 [ 883.731309][ T31] R10: dffffc0000000000 R11: fffffbfff1e90f2f R12: ffffffff8ba0b140 [ 883.731326][ T31] R13: ffff8880248ad000 R14: 1ffff9200014bf10 R15: ffffffff8b9ef3e0 [ 883.731368][ T31] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 883.731402][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 883.731429][ T31] ? rt_spin_unlock+0x160/0x200 [ 883.731459][ T31] ? drm_vblank_get+0x147/0x260 [ 883.731495][ T31] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 883.731527][ T31] drm_fb_helper_damage_work+0x131/0x6f0 [ 883.731565][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.731593][ T31] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 883.731627][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 883.731653][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.731675][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 883.731700][ T31] process_scheduled_works+0xaec/0x17a0 [ 883.731756][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 883.731785][ T31] ? do_raw_spin_lock+0x12b/0x2f0 [ 883.731810][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 883.731829][ T31] ? schedule+0x90/0x360 [ 883.731870][ T31] worker_thread+0xda6/0x1360 [ 883.731923][ T31] kthread+0x726/0x8b0 [ 883.731956][ T31] ? __pfx_worker_thread+0x10/0x10 [ 883.731979][ T31] ? __pfx_kthread+0x10/0x10 [ 883.732004][ T31] ? rt_spin_unlock+0x14f/0x200 [ 883.732036][ T31] ? rt_spin_unlock+0x160/0x200 [ 883.732060][ T31] ? __pfx_kthread+0x10/0x10 [ 883.732089][ T31] ret_from_fork+0x51b/0xa40 [ 883.732117][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 883.732139][ T31] ? __switch_to+0xc82/0x1410 [ 883.732177][ T31] ? __pfx_kthread+0x10/0x10 [ 883.732207][ T31] ret_from_fork_asm+0x1a/0x30 [ 883.732261][ T31] [ 883.732662][ T31] Kernel Offset: disabled